GdkPixbuf BMP parser may enter an infinite loop

2004-10-01T00:00:00
ID VU:825374
Type cert
Reporter CERT
Modified 2004-11-02T00:00:00

Overview

A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition.

Description

GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains a heap overflow vulnerability in the DoCompressed() function of the BMP loading routine.


Impact

By convincing the user to open a specially crafted BMP file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf.


Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Upgrade your version of gtk+

Upgrade your system as specified by your vendor. If you need to compile the software from the original source, get gtk+ 2.4.10.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Debian| | 17 Sep 2004| 20 Sep 2004
SuSE Inc.| | 17 Sep 2004| 20 Sep 2004
Apple Computer Inc.| | 17 Sep 2004| 31 Jan 2005
Hitachi| | 17 Sep 2004| 28 Sep 2004
BSDI| | 17 Sep 2004| 20 Sep 2004
Conectiva| | 17 Sep 2004| 20 Sep 2004
Cray Inc.| | 17 Sep 2004| 20 Sep 2004
EMC Corporation| | 17 Sep 2004| 20 Sep 2004
Engarde| | 17 Sep 2004| 20 Sep 2004
FreeBSD| | 17 Sep 2004| 20 Sep 2004
Fujitsu| | 17 Sep 2004| 20 Sep 2004
Hewlett-Packard Company| | 17 Sep 2004| 20 Sep 2004
IBM| | 17 Sep 2004| 20 Sep 2004
IBM-zSeries| | 17 Sep 2004| 20 Sep 2004
IBM eServer| | 17 Sep 2004| 20 Sep 2004

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://secunia.com/advisories/12542/>
  • <http://www.securitytracker.com/alerts/2004/Sep/1011285.html>
  • <http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:095>
  • <https://rhn.redhat.com/errata/RHSA-2004-447.html>

Credit

This vulnerability was reported by the Red Hat Security Response Team.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CAN-2004-0753
  • Date Public: 15 Sep 2004
  • Date First Published: 01 Oct 2004
  • Date Last Updated: 02 Nov 2004
  • Severity Metric: 1.77
  • Document Revision: 11