gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1011285
SecurityTracker URL: http://securitytracker.com/id/1011285
CVE Reference: CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788
Updated: Mar 21 2006
Original Entry Date: Sep 15 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Version(s): 0.22 and prior versions

Description:
Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code.
Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE-2004-0753].
It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the xpm loader [CVE-2004-0782, CVE-2004-0783]. An integer overflow resides in the ico loader [CVE-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.
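As an added illustration of the integer-overflow class the entry attributes to the ico loader, the following C is example code written for this entry, not gdk-pixbuf's own loader; the field names, the 32-bit size arithmetic and the 256 MiB policy cap are assumptions. It places an unchecked buffer-size computation, of the kind a loader might perform on header fields from an untrusted file, beside a hardened version that rejects wrapped or oversized allocations before any memory is requested:

```c
#include <stddef.h>
#include <stdint.h>

/* Arbitrary policy limit on a decoded pixel buffer (an assumption for this
 * example, not a value from the advisory). A cap bounds both the integer-
 * overflow and the memory-exhaustion outcomes of hostile dimensions. */
#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked computation: width * height * bytes-per-pixel is evaluated in
 * 32-bit unsigned arithmetic and silently wraps, so a hostile header can
 * make the loader allocate a small buffer and then decode far more pixel
 * data into it than it holds. Inputs are hypothetical header fields. */
uint32_t naive_pixel_bytes(uint32_t width, uint32_t height, uint32_t bits_per_pixel)
{
    return width * height * (bits_per_pixel / 8);
}

/* Hardened computation: validate the bit depth, multiply one factor at a
 * time with an explicit overflow test, and enforce the policy cap.
 * Returns 0 to signal rejection (0 is never a valid pixel buffer size). */
size_t checked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bits_per_pixel)
{
    if (width == 0 || height == 0)
        return 0;
    if (bits_per_pixel == 0 || bits_per_pixel > 32 || bits_per_pixel % 8 != 0)
        return 0;

    size_t bpp = bits_per_pixel / 8;

    /* width * height must not exceed SIZE_MAX */
    if ((size_t)width > SIZE_MAX / (size_t)height)
        return 0;
    size_t pixels = (size_t)width * (size_t)height;

    /* pixels * bpp must not exceed SIZE_MAX */
    if (pixels > SIZE_MAX / bpp)
        return 0;
    size_t bytes = pixels * bpp;

    /* even a correctly computed size is rejected beyond the policy cap */
    if (bytes > MAX_PIXEL_BYTES)
        return 0;
    return bytes;
}
```

A caller allocates only the value checked_pixel_bytes returns and treats 0 as a malformed file; the wrapped result from naive_pixel_bytes is what a crafted header exploits.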

Impact:
A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.

Solution:
No upstream solution was available at the time of this entry.

Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/

Cause:
Boundary error, State error

Underlying OS:
Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Sep 15 2004
(Red Hat Issues Fix for RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux.

Sep 15 2004
(Fedora Issues Fix for gtk2 for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for gtk2 for Fedora Core 2, which is affected by the gdk-pixbuf vulnerability.

Sep 16 2004
(Red Hat Issues Fix for gtk2 on RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for gtk2 on Red Hat Enterprise Linux 3.

Sep 16 2004
(Fedora Issues Fix for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for Fedora Core 2.

Sep 16 2004
(Mandrake Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.

Sep 16 2004
(Fedora Issues Fix for FC1) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for Fedora Core 1.

Sep 16 2004
(Fedora Issues Fix for FC1) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for Fedora Core 1.

Sep 16 2004
(Debian Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(joey@infodrom.org (Martin Schulze))
Debian has released a fix.

Sep 16 2004
(Red Hat Issues Fix for RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.

Sep 17 2004
(Debian Issues Fix for gtk+) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(joey@infodrom.org (Martin Schulze))
Debian has released a fix for gtk+.

Sep 17 2004
(SuSE Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Ludwig Nussel <ludwig.nussel@suse.de>)
SuSE has released a fix.

Sep 17 2004
(Mandrake Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.

Sep 22 2004
(Gentoo Issues Fix for GTK+ 2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix for GTK+ 2.

Oct 18 2004
(Conectiva Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
(Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.

Jun 24 2005
(Sun Issues Final Fix for Solaris) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Solaris and for Sun JDS.

Source Message Contents

Date: Wed, 15 Sep 2004 16:33:29 -0400
Subject: [none]

Mandrake and Red Hat reported several vulnerabilities in gdk-pixbuf.
A remote user can create a specially crafted BMP image file that will cause gdk-pixbuf
to enter an infinite loop [CVE: CAN-2004-0753].
It is also reported that Chris Evans discovered several overflows. A heap-based
overflow and a stack-based overflow reside in the xpm loader [CVE: CAN-2004-0782,
CAN-2004-0783]. An integer overflow resides in the ico loader [CVE: CAN-2004-0788]. A
remote user may be able to trigger the overflows to cause an application that uses
gdk-pixbuf to crash or possibly execute arbitrary code.