Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:369358
HistoryOct 01, 2004 - 12:00 a.m.

GdkPixbuf XPM parser contains a stack overflow vulnerability

2004-10-0100:00:00
www.kb.cert.org
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.305 Low

EPSS

Percentile

96.9%

JSON

Overview

A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code.

Description

GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains a stack overflow vulnerability in the xpm_extract_color() function of the XPM loading routine.

Impact

By convincing the user to open a specially crafted XPM file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf. It may also be possible to execute arbitrary code with the permissions of that application.

Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Upgrade your version of gtk+

Upgrade your system as specified by your vendor. If you need to compile the software from the original source, get gtk+ 2.4.10.

Vendor Information

369358

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer Inc. __ Not Affected

Notified: September 17, 2004 Updated: January 31, 2005

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain the software described in this vulnerability note.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Hitachi __ Not Affected

Notified: September 17, 2004 Updated: September 28, 2004

Status

Not Affected

Vendor Statement

HI-UX/WE2 is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

BSDI __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Conectiva __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Cray Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Debian __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

EMC Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Engarde __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

FreeBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Fujitsu __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Hewlett-Packard Company __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

IBM __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

IBM eServer __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

IBM-zSeries __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Immunix __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Ingrian Networks __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Juniper Networks __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

MandrakeSoft __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

MontaVista Software __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

NEC Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

NETBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Nokia __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Novell __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

OpenBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Redhat __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

SCO __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

SGI __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Sequent __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Sony Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

SuSE Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

TurboLinux __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Unisys __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23369358 Feedback>).

View all 35 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2004-0783
Severity Metric: 8.86 Date Public:

Related

securityvulns 2
debiancve 1
cve 1
ubuntucve 1
openvas 10
freebsd 1
nessus 15
osv 1
debian 2
cert 2
gentoo 1
redhat 2
suse 2
securityvulns
securityvulns
CESA-2004-005: gtk+ XPM decoder
2004-09-16 00:00:00
CESA-2004-004: libXpm
2004-09-16 00:00:00
debiancve
debiancve
CVE-2004-0783
2004-10-20 04:00:00
cve
cve
CVE-2004-0783
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0783
2004-10-20 00:00:00
openvas
openvas
SLES9: Security update for gdk-pixbuf
2009-10-10 00:00:00
SLES9: Security update for GTK
2009-10-10 00:00:00
Debian Security Advisory DSA 549-1 (gtk+2.0)
2008-01-17 00:00:00
freebsd
freebsd
gdk-pixbuf -- image decoding vulnerabilities
2004-09-15 00:00:00
nessus
nessus
SUSE-SA:2004:033: gtk2, gdk-pixbuf
2004-09-17 00:00:00
Debian DSA-549-1 : gtk+ - several vulnerabilities
2004-09-29 00:00:00
SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 9368)
2009-09-24 00:00:00
osv
osv
gtk+2.0 - multiple holes
2004-09-17 00:00:00
debian
debian
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
cert
cert
GdkPixbuf XPM parser contains a heap overflow vulnerability
2004-10-01 00:00:00
GdkPixbuf BMP parser may enter an infinite loop
2004-10-01 00:00:00
gentoo
gentoo
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
2004-09-21 00:00:00
redhat
redhat
(RHSA-2004:466) gtk2 security update
2004-09-15 00:00:00
(RHSA-2004:447) gdk-pixbuf security update
2004-09-15 00:00:00
suse
suse
remote code execution in gtk2, gdk-pixbuf
2004-09-17 10:02:50
remote denial-of-service in apache2
2004-09-15 15:46:39

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.305 Low

EPSS

Percentile

96.9%

JSON
Related for VU:369358
securityvulns2debiancve1cve1ubuntucve1openvas10freebsd1nessus15osv1debian2cert2gentoo1redhat2suse2