Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:577654
HistoryOct 01, 2004 - 12:00 a.m.

GdkPixbuf ICO parser contains an integer overflow vulnerability

2004-10-0100:00:00
www.kb.cert.org
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.176 Low

EPSS

Percentile

96.1%

JSON

Overview

An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition.

Description

GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains an integer overflow vulnerability in the DecodeHeader() function of the ICO loading routine.

Impact

By convincing the user to open a specially crafted ICO file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf.

Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Upgrade your version of gtk+

Upgrade your system as specified by your vendor. If you need to compile the software from the original source, get gtk+ 2.4.10.

Vendor Information

577654

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer Inc. __ Not Affected

Notified: September 17, 2004 Updated: January 31, 2005

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain the software described in this vulnerability note.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

BSDI __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Conectiva __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Cray Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Debian __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

EMC Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Engarde __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

FreeBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Fujitsu __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Hewlett-Packard Company __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Hitachi __ Unknown

Notified: September 17, 2004 Updated: September 28, 2004

Status

Unknown

Vendor Statement

HI-UX/WE2 is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

IBM __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

IBM eServer __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

IBM-zSeries __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Immunix __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Ingrian Networks __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Juniper Networks __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

MandrakeSoft __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

MontaVista Software __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

NEC Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

NETBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Nokia __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Novell __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

OpenBSD __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Redhat __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

SCO __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

SGI __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Sequent __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Sony Corporation __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

SuSE Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

TurboLinux __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Unisys __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: September 17, 2004 Updated: September 20, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23577654 Feedback>).

View all 35 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Chris Evans for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2004-0788
Severity Metric: 1.77 Date Public:

Related

checkpoint_advisories 1
cve 1
debiancve 1
ubuntucve 1
openvas 12
freebsd 1
osv 2
debian 4
nessus 14
gentoo 1
cert 2
redhat 2
suse 2
checkpoint_advisories
checkpoint_advisories
CVS File Existence Information Disclosure (CVE-2004-0788)
2009-10-14 00:00:00
cve
cve
CVE-2004-0788
2004-10-20 04:00:00
debiancve
debiancve
CVE-2004-0788
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0788
2004-10-20 00:00:00
openvas
openvas
SLES9: Security update for gdk-pixbuf
2009-10-10 00:00:00
SLES9: Security update for GTK
2009-10-10 00:00:00
Debian Security Advisory DSA 549-1 (gtk+2.0)
2008-01-17 00:00:00
freebsd
freebsd
gdk-pixbuf -- image decoding vulnerabilities
2004-09-15 00:00:00
osv
osv
gtk+2.0 - multiple holes
2004-09-17 00:00:00
gdk-pixbuf - several vulnerabilities
2004-09-16 00:00:00
debian
debian
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities
2004-09-16 09:02:33
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
nessus
nessus
Debian DSA-549-1 : gtk+ - several vulnerabilities
2004-09-29 00:00:00
SUSE-SA:2004:033: gtk2, gdk-pixbuf
2004-09-17 00:00:00
SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 9368)
2009-09-24 00:00:00
gentoo
gentoo
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
2004-09-21 00:00:00
cert
cert
GdkPixbuf XPM parser contains a heap overflow vulnerability
2004-10-01 00:00:00
GdkPixbuf BMP parser may enter an infinite loop
2004-10-01 00:00:00
redhat
redhat
(RHSA-2004:466) gtk2 security update
2004-09-15 00:00:00
(RHSA-2004:447) gdk-pixbuf security update
2004-09-15 00:00:00
suse
suse
remote code execution in gtk2, gdk-pixbuf
2004-09-17 10:02:50
remote denial-of-service in apache2
2004-09-15 15:46:39

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.176 Low

EPSS

Percentile

96.1%

JSON
Related for VU:577654
checkpoint_advisories1cve1debiancve1ubuntucve1openvas12freebsd1osv2debian4nessus14gentoo1cert2redhat2suse2