SecurityTracker
Archives


 


Category:   Application (Generic)  >   gdk-pixbuf
Vendors:   GNU [multiple authors]
gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011285
SecurityTracker URL:  http://securitytracker.com/id/1011285
CVE Reference:   CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788
Updated:  Mar 21 2006
Original Entry Date:  Sep 15 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network

Version(s): 0.22 and prior versions
Description:   Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code.

Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE-2004-0753].

It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the XPM loader [CVE-2004-0782, CVE-2004-0783]. An integer overflow resides in the ICO loader [CVE-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.

Impact:   A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.
Solution:   No upstream solution was available at the time of this entry.
Vendor URL:  ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/
Cause:   Boundary error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 15 2004 (Red Hat Issues Fix for RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux.
Sep 15 2004 (Fedora Issues Fix for gtk2 for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for gtk2 for Fedora Core 2, which is affected by the gdk-pixbuf vulnerability.
Sep 16 2004 (Red Hat Issues Fix for gtk2 on RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for gtk2 on Red Hat Enterprise Linux 3.
Sep 16 2004 (Fedora Issues Fix for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 2.
Sep 16 2004 (Mandrake Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Sep 16 2004 (Fedora Issues Fix for FC1) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 1.
Sep 16 2004 (Debian Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Debian has released a fix.
Sep 16 2004 (Red Hat Issues Fix for RHEL) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Sep 17 2004 (Debian Issues Fix for gtk+) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Debian has released a fix for gtk+.
Sep 17 2004 (SuSE Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
SuSE has released a fix.
Sep 17 2004 (Mandrake Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Sep 22 2004 (Gentoo Issues Fix for GTK+ 2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix for GTK+ 2.
Oct 18 2004 (Conectiva Issues Fix) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Conectiva has released a fix.
Jun 24 2005 (Sun Issues Final Fix for Solaris) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Solaris and for Sun JDS.



Copyright 2021, SecurityGlobal.net LLC