CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.305 Low (Percentile: 96.9%)
A heap overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code.
GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains a heap overflow vulnerability in the pixbuf_create_from_xpm() function of the XPM loading routine.
By convincing the user to open a specially crafted XPM file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf. It may also be possible to execute arbitrary code with the permissions of that application.
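The following C code is an added example, not GdkPixbuf's code and not part of the original note. The note does not describe the root cause, so the example assumes only that an XPM loader sizes its heap buffers from the file's values line (width, height, number of colors, characters per pixel), and shows that line being validated with overflow-checked arithmetic before anything is allocated. The names `xpm_header_ok`, `next_field`, `mul_ok` and the limits are hypothetical, and the sample values line in `main` is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical policy limits for this example, not values from GdkPixbuf. */
enum { XPM_MAX_DIM = 32767, XPM_MAX_COLORS = 65536, XPM_MAX_CPP = 8 };
struct xpm_header { int width, height, ncolors, cpp; };

/* Read one decimal field in 1..max and advance *p past it. */
static int next_field(const char **p, long max, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v <= 0 || v > max)
        return 0;
    *out = (int)v;
    *p = end;
    return 1;
}

/* Store a * b in *out; return 0 if the product would wrap size_t. */
static int mul_ok(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return 0;
    *out = a * b;
    return 1;
}

/* Validate an XPM values line ("width height ncolors cpp") and compute the
 * color-table and RGBA pixel-buffer sizes; return 0 to reject the file. */
int xpm_header_ok(const char *s, struct xpm_header *h,
                  size_t *color_bytes, size_t *pixel_bytes)
{
    return next_field(&s, XPM_MAX_DIM, &h->width) &&
           next_field(&s, XPM_MAX_DIM, &h->height) &&
           next_field(&s, XPM_MAX_COLORS, &h->ncolors) &&
           next_field(&s, XPM_MAX_CPP, &h->cpp) &&
           mul_ok((size_t)h->ncolors, (size_t)h->cpp + 1, color_bytes) &&
           mul_ok((size_t)h->width, 4, pixel_bytes) &&
           mul_ok(*pixel_bytes, (size_t)h->height, pixel_bytes);
}

int main(void)
{
    struct xpm_header h;
    size_t c, p;
    return !xpm_header_ok("16 16 4 1", &h, &c, &p); /* constructed sample */
}
```

A loader or a pre-screening filter would allocate only after this function returns 1, using the sizes it computed rather than recomputing them from the raw fields.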
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.
Upgrade your version of gtk+
Upgrade your system as specified by your vendor. If you need to compile the software from the original source, get gtk+ 2.4.10.
729894
Notified: September 17, 2004 Updated: September 20, 2004
Affected
The stable Debian distribution (3.0 alias woody) is vulnerable to several of these problems. The matrix below explains which version fixes which problem.

| | Gtk+2.0 | gdk-pixbuf |
---|---|---|
VU#825374 CAN-2004-0753 | not vuln | 0.17.0-2woody2 |
VU#729894 CAN-2004-0782 | 2.0.2-5woody2 | 0.17.0-2woody2 |
VU#369358 CAN-2004-0783 | 2.0.2-5woody2 | not vuln |
VU#577654 CAN-2004-0788 | 2.0.2-5woody2 | 0.17.0-2woody2 |

For the unstable distribution (sid) these problems have been fixed in version 0.22.0-7 of gdk-pixbuf, and will be fixed soon in Gtk+2.0.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23729894 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Affected
Updated gtk2, gdk-pixbuf packages were already released.
These packages do not contain fixes for the remote denial-of-service bug referenced by VU#825374 and CAN-2004-0753. This bug will be fixed as soon as possible.
Our customers can update their systems by using the YaST Online Update (YOU) tool or installing the RPM file directly from <http://www.suse.de/en/private/download/updates/>.
Notified: September 17, 2004 Updated: January 31, 2005
Not Affected
Mac OS X and Mac OS X Server do not contain the software described in this vulnerability note.
Notified: September 17, 2004 Updated: September 28, 2004
Not Affected
HI-UX/WE2 is NOT Vulnerable to this issue.
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Will Dormann.
CVE IDs: | CVE-2004-0782 |
---|---|
Severity Metric: | 8.86 |
Date Public: | |