Search...

Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities

2006-10-14T00:00:00

ID DEBIAN_DSA-913.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
Modified 2006-10-14T00:00:00

Description

Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.

CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.

CVE-2005-3186 'infamous41md' discovered an integer in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.

                                        
                                            #%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-913. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22779);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-2975", "CVE-2005-2976", "CVE-2005-3186");
  script_bugtraq_id(15428);
  script_xref(name:"DSA", value:"913");

  script_name(english:"Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been found in gdk-pixbuf, the Gtk+
GdkPixBuf XPM image rendering library. The Common Vulnerabilities and
Exposures project identifies the following problems :

  - CVE-2005-2975
    Ludwig Nussel discovered an infinite loop when
    processing XPM images that allows an attacker to cause a
    denial of service via a specially crafted XPM file.

  - CVE-2005-2976
    Ludwig Nussel discovered an integer overflow in the way
    XPM images are processed that could lead to the
    execution of arbitrary code or crash the application via
    a specially crafted XPM file.

  - CVE-2005-3186
    'infamous41md' discovered an integer in the XPM
    processing routine that can be used to execute arbitrary
    code via a traditional heap overflow."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-913"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the gdk-pixbuf packages.

The following matrix explains which versions fix these problems :

                     old stable (woody)  stable (sarge)      unstable (sid)      
  gdk-pixbuf          0.17.0-2woody3      0.22.0-8.1          0.22.0-11           
  gtk+2.0             2.0.2-5woody3       2.6.4-3.1           2.6.10-2"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdk-pixbuf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"libgdk-pixbuf-dev", reference:"0.17.0-2woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libgdk-pixbuf-gnome-dev", reference:"0.17.0-2woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libgdk-pixbuf-gnome2", reference:"0.17.0-2woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libgdk-pixbuf2", reference:"0.17.0-2woody3")) flag++;
if (deb_check(release:"3.1", prefix:"libgdk-pixbuf-dev", reference:"0.22.0-8.1")) flag++;
if (deb_check(release:"3.1", prefix:"libgdk-pixbuf-gnome-dev", reference:"0.22.0-8.1")) flag++;
if (deb_check(release:"3.1", prefix:"libgdk-pixbuf-gnome2", reference:"0.22.0-8.1")) flag++;
if (deb_check(release:"3.1", prefix:"libgdk-pixbuf2", reference:"0.22.0-8.1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-913.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities", "description": "Several vulnerabilities have been found in gdk-pixbuf, the Gtk+\nGdkPixBuf XPM image rendering library. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2005-2975\n Ludwig Nussel discovered an infinite loop when\n processing XPM images that allows an attacker to cause a\n denial of service via a specially crafted XPM file.\n\n - CVE-2005-2976\n Ludwig Nussel discovered an integer overflow in the way\n XPM images are processed that could lead to the\n execution of arbitrary code or crash the application via\n a specially crafted XPM file.\n\n - CVE-2005-3186\n 'infamous41md' discovered an integer in the XPM\n processing routine that can be used to execute arbitrary\n code via a traditional heap overflow.", "published": "2006-10-14T00:00:00", "modified": "2006-10-14T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/22779", "reporter": "This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.", "references": ["http://www.debian.org/security/2005/dsa-913", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431"], "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "type": "nessus", "lastseen": "2021-01-06T10:03:41", "edition": 27, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2976", "CVE-2005-3186", "CVE-2005-2975"]}, {"type": "ubuntu", "idList": ["USN-216-1"]}, {"type": "openvas", "idList": ["OPENVAS:55891", "OPENVAS:65459", "OPENVAS:136141256231065459", "OPENVAS:55944", "OPENVAS:55941"]}, {"type": "centos", "idList": ["CESA-2005:811", "CESA-2005:810-01", "CESA-2005:810"]}, {"type": "suse", "idList": ["SUSE-SA:2005:065"]}, {"type": "gentoo", "idList": ["GLSA-200511-14"]}, {"type": "debian", "idList": ["DEBIAN:DSA-913-1:5B923", "DEBIAN:DSA-911-1:05F7B"]}, {"type": "nessus", "idList": ["FEDORA_2005-1086.NASL", "FEDORA_2005-1085.NASL", "REDHAT-RHSA-2005-810.NASL", "SUSE9_10558.NASL", "UBUNTU_USN-216-1.NASL", "GENTOO_GLSA-200511-14.NASL", "SUSE_SA_2005_065.NASL", "FEDORA_2005-1088.NASL", "CENTOS_RHSA-2005-810.NASL", "DEBIAN_DSA-911.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:811", "RHSA-2005:810"]}, {"type": "osvdb", "idList": ["OSVDB:20842", "OSVDB:20841", "OSVDB:20840"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10246"]}], "modified": "2021-01-06T10:03:41", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-01-06T10:03:41", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-913. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22779);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_bugtraq_id(15428);\n script_xref(name:\"DSA\", value:\"913\");\n\n script_name(english:\"Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in gdk-pixbuf, the Gtk+\nGdkPixBuf XPM image rendering library. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2005-2975\n Ludwig Nussel discovered an infinite loop when\n processing XPM images that allows an attacker to cause a\n denial of service via a specially crafted XPM file.\n\n - CVE-2005-2976\n Ludwig Nussel discovered an integer overflow in the way\n XPM images are processed that could lead to the\n execution of arbitrary code or crash the application via\n a specially crafted XPM file.\n\n - CVE-2005-3186\n 'infamous41md' discovered an integer in the XPM\n processing routine that can be used to execute arbitrary\n code via a traditional heap overflow.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-913\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gdk-pixbuf packages.\n\nThe following matrix explains which versions fix these problems :\n\n old stable (woody) stable (sarge) unstable (sid) \n gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 \n gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libgdk-pixbuf-dev\", reference:\"0.17.0-2woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdk-pixbuf-gnome-dev\", reference:\"0.17.0-2woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdk-pixbuf-gnome2\", reference:\"0.17.0-2woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdk-pixbuf2\", reference:\"0.17.0-2woody3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdk-pixbuf-dev\", reference:\"0.22.0-8.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdk-pixbuf-gnome-dev\", reference:\"0.22.0-8.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdk-pixbuf-gnome2\", reference:\"0.22.0-8.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdk-pixbuf2\", reference:\"0.22.0-8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "22779", "cpe": ["p-cpe:/a:debian:debian_linux:gdk-pixbuf", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:22:21", "description": "Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.", "edition": 5, "cvss3": {}, "published": "2005-11-18T06:03:00", "title": "CVE-2005-2976", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2976"], "modified": "2018-10-19T15:34:00", "cpe": ["cpe:/a:gtk:gtk\\+:1.2.1", "cpe:/a:gtk:gtk\\+:2.6.10", "cpe:/a:gtk:gtk\\+:2.4.9", "cpe:/a:gtk:gtk\\+:1.2.7", "cpe:/a:gtk:gtk\\+:2.3.1", "cpe:/a:gtk:gtk\\+:2.7.2", "cpe:/a:gtk:gtk\\+:2.5.5", "cpe:/a:gtk:gtk\\+:2.6.9", "cpe:/a:gtk:gtk\\+:1.2.2", "cpe:/a:gtk:gtk\\+:2.4.10", "cpe:/a:gtk:gtk\\+:1.2.10", "cpe:/a:gtk:gtk\\+:2.1.4", "cpe:/a:gtk:gtk\\+:2.4.12", "cpe:/a:gtk:gtk\\+:2.3.5", "cpe:/a:gtk:gtk\\+:1.3.12", "cpe:/a:gtk:gtk\\+:2.6.6", "cpe:/a:gtk:gtk\\+:2.3.3", "cpe:/a:gtk:gtk\\+:2.5.4", "cpe:/a:gtk:gtk\\+:1.3.15", "cpe:/a:gtk:gtk\\+:2.7.3", "cpe:/a:gtk:gtk\\+:2.5.3", "cpe:/a:gtk:gtk\\+:2.4.3", "cpe:/a:gtk:gtk\\+:2.2.3", "cpe:/a:gtk:gtk\\+:2.6.4", "cpe:/a:gtk:gtk\\+:2.7.5", "cpe:/a:gtk:gtk\\+:1.2.5", "cpe:/a:gtk:gtk\\+:2.4.7", "cpe:/a:gtk:gtk\\+:2.6.7", "cpe:/a:gtk:gtk\\+:2.4.11", "cpe:/a:gtk:gtk\\+:2.8.0", "cpe:/a:gtk:gtk\\+:1.2.6", "cpe:/a:gtk:gtk\\+:2.2.1", "cpe:/a:gtk:gtk\\+:2.5.6", "cpe:/a:gtk:gtk\\+:2.6.8", "cpe:/a:gtk:gtk\\+:2.1.0", "cpe:/a:gtk:gtk\\+:2.4.14", "cpe:/a:gtk:gtk\\+:2.1.1", "cpe:/a:gtk:gtk\\+:2.8.4", "cpe:/a:gtk:gtk\\+:2.8.3", "cpe:/a:gtk:gtk\\+:2.1.3", "cpe:/a:gtk:gtk\\+:1.2.4", "cpe:/a:gtk:gtk\\+:2.3.2", "cpe:/a:gtk:gtk\\+:1.3.11", "cpe:/a:gtk:gtk\\+:2.6.5", "cpe:/a:gtk:gtk\\+:2.6.3", "cpe:/a:gtk:gtk\\+:1.2.3", "cpe:/a:gtk:gtk\\+:2.5.0", "cpe:/a:gtk:gtk\\+:2.8.6", "cpe:/a:gtk:gtk\\+:1.3.10", "cpe:/a:gtk:gtk\\+:2.8.5", "cpe:/a:gtk:gtk\\+:2.4.4", "cpe:/a:gtk:gtk\\+:2.4.0", "cpe:/a:gtk:gtk\\+:2.4.5", "cpe:/a:gtk:gtk\\+:2.4.13", "cpe:/a:gtk:gtk\\+:2.2.0", "cpe:/a:gtk:gtk\\+:2.6.1", "cpe:/a:gtk:gtk\\+:2.3.4", "cpe:/a:gtk:gtk\\+:1.1.12", "cpe:/a:gtk:gtk\\+:2.8.1", "cpe:/a:gtk:gtk\\+:1.2.0", "cpe:/a:gtk:gtk\\+:2.7.0", "cpe:/a:gtk:gtk\\+:2.6.2", "cpe:/a:gtk:gtk\\+:2.7.1", "cpe:/a:gtk:gtk\\+:2.4.6", "cpe:/a:gtk:gtk\\+:2.8.2", "cpe:/a:gtk:gtk\\+:2.3.6", "cpe:/a:gtk:gtk\\+:1.2.9", "cpe:/a:gnome:gdkpixbuf:0.22", "cpe:/a:gtk:gtk\\+:2.3.0", "cpe:/a:gtk:gtk\\+:2.1.5", "cpe:/a:gtk:gtk\\+:1.3.14", "cpe:/a:gtk:gtk\\+:2.4.8", "cpe:/a:gtk:gtk\\+:2.5.2", "cpe:/a:gtk:gtk\\+:2.2.2", "cpe:/a:gtk:gtk\\+:2.4.1", "cpe:/a:gtk:gtk\\+:1.3.13", "cpe:/a:gtk:gtk\\+:1.3.9", "cpe:/a:gtk:gtk\\+:2.6.0", "cpe:/a:gtk:gtk\\+:2.2.4", "cpe:/a:gtk:gtk\\+:1.2.8", "cpe:/a:gtk:gtk\\+:2.4.2", "cpe:/a:gtk:gtk\\+:2.7.4", "cpe:/a:gtk:gtk\\+:2.1.2", "cpe:/a:gtk:gtk\\+:1.1.15", "cpe:/a:gtk:gtk\\+:2.5.1"], "id": "CVE-2005-2976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2976", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gtk:gtk\\+:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdkpixbuf:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.", "edition": 3, "cvss3": {}, "published": "2005-11-18T06:03:00", "title": "CVE-2005-3186", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-3186"], "modified": "2018-10-19T15:34:00", "cpe": ["cpe:/a:gtk:gtk\\+:2.4.0", "cpe:/a:gnome:gdkpixbuf:*"], "id": "CVE-2005-3186", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3186", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gtk:gtk\\+:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.", "edition": 3, "cvss3": {}, "published": "2005-11-18T06:03:00", "title": "CVE-2005-2975", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2975"], "modified": "2018-10-19T15:34:00", "cpe": ["cpe:/a:gtk:gtk\\+:2.0.8", "cpe:/a:gtk:gtk\\+:2.0.5", "cpe:/a:gtk:gtk\\+:2.0.6", "cpe:/a:gtk:gtk\\+:2.2.3", "cpe:/a:gtk:gtk\\+:2.0.7", "cpe:/a:gtk:gtk\\+:*", "cpe:/a:gtk:gtk\\+:2.0.3", "cpe:/a:gtk:gtk\\+:2.2.1", "cpe:/a:gtk:gtk\\+:2.0.1", "cpe:/a:gtk:gtk\\+:2.0.4", "cpe:/a:gtk:gtk\\+:2.0.0", "cpe:/a:gtk:gtk\\+:2.0.2", "cpe:/a:gtk:gtk\\+:2.4.0", "cpe:/a:gtk:gtk\\+:2.0.9", "cpe:/a:gnome:gdkpixbuf:*", "cpe:/a:gtk:gtk\\+:2.2.4", "cpe:/a:gtk:gtk\\+:1.2.8", "cpe:/a:gtk:gtk\\+:2.0.18"], "id": "CVE-2005-2975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2975", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:gtk:gtk\\+:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:*:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gtk:gtk\\+:2.0.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T19:43:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "Two integer overflows have been discovered in the XPM image loader of \nthe GDK pixbuf library. By tricking an user into opening a specially \ncrafted XPM image with any Gnome desktop application that uses this \nlibrary, this could be exploited to execute arbitrary code with the \nprivileges of the user running the application. \n(CVE-2005-2976, CVE-2005-3186)\n\nAdditionally, specially crafted XPM images could cause an endless loop \nin the image loader, which could be exploited to cause applications \ntrying to open that image to hang. (CVE-2005-2975)", "edition": 5, "modified": "2005-11-16T00:00:00", "published": "2005-11-16T00:00:00", "id": "USN-216-1", "href": "https://ubuntu.com/security/notices/USN-216-1", "title": "GDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200511-14.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55891", "href": "http://plugins.openvas.org/nasl.php?oid=55891", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200511-14 (gtk+)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GdkPixbuf library, that is also included in GTK+ 2, contains\nvulnerabilities that could lead to a Denial of Service or the execution of\narbitrary code.\";\ntag_solution = \"All GTK+ 2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose x11-libs/gtk+\n\nAll GdkPixbuf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gdk-pixbuf-0.22.0-r5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=112608\nhttp://www.idefense.com/application/poi/display?id=339&type=vulnerabilities\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200511-14.\";\n\n \n\nif(description)\n{\n script_id(55891);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200511-14 (gtk+)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"x11-libs/gtk+\", unaffected: make_list(\"ge 2.8.6-r1\", \"rge 2.6.10-r1\", \"lt 2.0\"), vulnerable: make_list(\"lt 2.8.6-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-libs/gdk-pixbuf\", unaffected: make_list(\"ge 0.22.0-r5\"), vulnerable: make_list(\"lt 0.22.0-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The remote host is missing an update to gtk+2.0\nannounced via advisory DSA 911-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55941", "href": "http://plugins.openvas.org/nasl.php?oid=55941", "type": "openvas", "title": "Debian Security Advisory DSA 911-1 (gtk+2.0)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_911_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 911-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf\nXPM image rendering library. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2005-2975\n\nLudwig Nussel discovered an infinite loop when processing XPM\nimages that allows an attacker to cause a denial of service via a\nspecially crafted XPM file.\n\nCVE-2005-2976\n\nLudwig Nussel discovered an integer overflow in the way XPM images\nare processed that could lead to the execution of arbitrary code\nor crash the application via a specially crafted XPM file.\n\nCVE-2005-3186\n\ninfamous41md discovered an integer in the XPM processing routine\nthat can be used to execute arbitrary code via a traditional heap\noverflow.\n\nThe following matrix explains which versions fix these problems:\n\nold stable (woody) stable (sarge) unstable (sid)\ngdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11\ngtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\n\nWe recommend that you upgrade your gtk+2.0 packages.\";\ntag_summary = \"The remote host is missing an update to gtk+2.0\nannounced via advisory DSA 911-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20911-1\";\n\nif(description)\n{\n script_id(55941);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_bugtraq_id(15428);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 911-1 (gtk+2.0)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-doc\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gtk2.0-examples\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk-common\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-0\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-common\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-dbg\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-dev\", ver:\"2.0.2-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-common\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-doc\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gtk2-engines-pixbuf\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gtk2.0-examples\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-0\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-0-dbg\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-bin\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgtk2.0-dev\", ver:\"2.6.4-3.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The remote host is missing an update to gdk-pixbuf\nannounced via advisory DSA 913-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55944", "href": "http://plugins.openvas.org/nasl.php?oid=55944", "type": "openvas", "title": "Debian Security Advisory DSA 913-1 (gdk-pixbuf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_913_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 913-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in gdk-pixbuf, the Gtk+\nGdkPixBuf XPM image rendering library. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2005-2975\n\nLudwig Nussel discovered an infinite loop when processing XPM\nimages that allows an attacker to cause a denial of service via a\nspecially crafted XPM file.\n\nCVE-2005-2976\n\nLudwig Nussel discovered an integer overflow in the way XPM images\nare processed that could lead to the execution of arbitrary code\nor crash the application via a specially crafted XPM file.\n\nCVE-2005-3186\n\ninfamous41md discovered an integer in the XPM processing routine\nthat can be used to execute arbitrary code via a traditional heap\noverflow.\n\nThe following matrix explains which versions fix these problems:\n\nold stable (woody) stable (sarge) unstable (sid)\ngdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11\ngtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\n\nWe recommend that you upgrade your gdk-pixbuf packages.\";\ntag_summary = \"The remote host is missing an update to gdk-pixbuf\nannounced via advisory DSA 913-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20913-1\";\n\nif(description)\n{\n script_id(55944);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_bugtraq_id(15428);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 913-1 (gdk-pixbuf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-dev\", ver:\"0.17.0-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-gnome-dev\", ver:\"0.17.0-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-gnome2\", ver:\"0.17.0-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2\", ver:\"0.17.0-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-dev\", ver:\"0.22.0-8.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-gnome-dev\", ver:\"0.22.0-8.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf-gnome2\", ver:\"0.22.0-8.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2\", ver:\"0.22.0-8.1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gdk-pixbuf\n gdk-pixbuf-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018289 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65459", "href": "http://plugins.openvas.org/nasl.php?oid=65459", "type": "openvas", "title": "SLES9: Security update for gdk-pixbuf", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018289.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for gdk-pixbuf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gdk-pixbuf\n gdk-pixbuf-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018289 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65459);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3186\", \"CVE-2005-2975\", \"CVE-2005-2976\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for gdk-pixbuf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdk-pixbuf\", rpm:\"gdk-pixbuf~0.22.0~62.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gdk-pixbuf\n gdk-pixbuf-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018289 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065459", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065459", "type": "openvas", "title": "SLES9: Security update for gdk-pixbuf", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018289.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for gdk-pixbuf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gdk-pixbuf\n gdk-pixbuf-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018289 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65459\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3186\", \"CVE-2005-2975\", \"CVE-2005-2976\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for gdk-pixbuf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdk-pixbuf\", rpm:\"gdk-pixbuf~0.22.0~62.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:37", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "**CentOS Errata and Security Advisory** CESA-2005:810\n\n\nThe gdk-pixbuf package contains an image loading library used with the\r\nGNOME GUI desktop environment.\r\n\r\nA bug was found in the way gdk-pixbuf processes XPM images. An attacker\r\ncould create a carefully crafted XPM file in such a way that it could cause\r\nan application linked with gdk-pixbuf to execute arbitrary code when the\r\nfile was opened by a victim. The Common Vulnerabilities and Exposures\r\nproject has assigned the name CVE-2005-3186 to this issue.\r\n\r\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\r\nprocesses XPM images. An attacker could create a carefully crafted XPM file\r\nin such a way that it could cause an application linked with gdk-pixbuf to\r\nexecute arbitrary code or crash when the file was opened by a victim. The\r\nCommon Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2976 to this issue.\r\n\r\nLudwig Nussel also discovered an infinite-loop denial of service bug in the\r\nway gdk-pixbuf processes XPM images. An attacker could create a carefully\r\ncrafted XPM file in such a way that it could cause an application linked\r\nwith gdk-pixbuf to stop responding when the file was opened by a victim.\r\nThe Common Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2975 to this issue.\r\n\r\nUsers of gdk-pixbuf are advised to upgrade to these updated packages, which\r\ncontain backported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024456.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024457.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024462.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024463.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024464.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024466.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024468.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024469.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024470.html\n\n**Affected packages:**\ngdk-pixbuf\ngdk-pixbuf-devel\ngdk-pixbuf-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-810.html", "edition": 3, "modified": "2005-11-15T21:02:30", "published": "2005-11-15T16:47:15", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024456.html", "id": "CESA-2005:810", "title": "gdk security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "**CentOS Errata and Security Advisory** CESA-2005:810-01\n\n\nThe gdk-pixbuf package contains an image loading library used with the\r\nGNOME GUI desktop environment.\r\n\r\nA bug was found in the way gdk-pixbuf processes XPM images. An attacker\r\ncould create a carefully crafted XPM file in such a way that it could cause\r\nan application linked with gdk-pixbuf to execute arbitrary code when the\r\nfile was opened by a victim. The Common Vulnerabilities and Exposures\r\nproject has assigned the name CVE-2005-3186 to this issue.\r\n\r\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\r\nprocesses XPM images. An attacker could create a carefully crafted XPM file\r\nin such a way that it could cause an application linked with gdk-pixbuf to\r\nexecute arbitrary code or crash when the file was opened by a victim. The\r\nCommon Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2976 to this issue.\r\n\r\nLudwig Nussel also discovered an infinite-loop denial of service bug in the\r\nway gdk-pixbuf processes XPM images. An attacker could create a carefully\r\ncrafted XPM file in such a way that it could cause an application linked\r\nwith gdk-pixbuf to stop responding when the file was opened by a victim.\r\nThe Common Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2975 to this issue.\r\n\r\nUsers of gdk-pixbuf are advised to upgrade to these updated packages, which\r\ncontain backported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024474.html\n\n**Affected packages:**\ngdk-pixbuf\ngdk-pixbuf-devel\ngdk-pixbuf-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "modified": "2005-11-16T22:24:45", "published": "2005-11-16T22:24:45", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024474.html", "id": "CESA-2005:810-01", "title": "gdk security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:25:38", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975"], "description": "**CentOS Errata and Security Advisory** CESA-2005:811\n\n\nThe gtk2 package contains the GIMP ToolKit (GTK+), a library for creating\r\ngraphical user interfaces for the X Window System.\r\n\r\nA bug was found in the way gtk2 processes XPM images. An attacker could\r\ncreate a carefully crafted XPM file in such a way that it could cause an\r\napplication linked with gtk2 to execute arbitrary code when the file was\r\nopened by a victim. The Common Vulnerabilities and Exposures project has\r\nassigned the name CVE-2005-3186 to this issue.\r\n\r\nLudwig Nussel discovered an infinite-loop denial of service bug in the way\r\ngtk2 processes XPM images. An attacker could create a carefully crafted XPM\r\nfile in such a way that it could cause an application linked with gtk2 to\r\nstop responding when the file was opened by a victim. The Common\r\nVulnerabilities and Exposures project has assigned the name CVE-2005-2975\r\nto this issue.\r\n\r\nUsers of gtk2 are advised to upgrade to these updated packages, which\r\ncontain backported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024458.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024459.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024460.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024461.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024465.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024467.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024471.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024472.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024473.html\n\n**Affected packages:**\ngtk2\ngtk2-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-811.html", "edition": 4, "modified": "2005-11-16T06:25:42", "published": "2005-11-15T16:49:00", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024458.html", "id": "CESA-2005:811", "title": "gtk2 security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:27", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "The image loading library of the gdk-pixbug/gtk2 package is vulnerable to several security-related bugs. This makes every application (mostly GNOME applications) which is linked against this library vulnerable too.\n#### Solution\nnone", "edition": 1, "modified": "2005-11-16T13:09:41", "published": "2005-11-16T13:09:41", "id": "SUSE-SA:2005:065", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-11/msg00011.html", "title": "remote code execution in gtk2, gdk-pixbuf", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "### Background\n\nGTK+ (the GIMP Toolkit) is a toolkit for creating graphical user interfaces. The GdkPixbuf library provides facilities for image handling. It is available as a standalone library and also packaged with GTK+ 2. \n\n### Description\n\niDEFENSE reported a possible heap overflow in the XPM loader (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM processing functions : an integer overflow (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop (CVE-2005-2975). \n\n### Impact\n\nUsing a specially crafted XPM image an attacker could cause an affected application to enter an infinite loop or trigger the overflows, potentially allowing the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GTK+ 2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose x11-libs/gtk+\n\nAll GdkPixbuf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/gdk-pixbuf-0.22.0-r5\"", "edition": 1, "modified": "2005-11-16T00:00:00", "published": "2005-11-16T00:00:00", "id": "GLSA-200511-14", "href": "https://security.gentoo.org/glsa/200511-14", "type": "gentoo", "title": "GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:25:51", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 913-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 1st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gdk-pixbuf\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186\nBugTraq ID : 15428\nDebian Bug : 339431\n\nSeveral vulnerabilities have been found in gdk-pixbuf, the Gtk+\nGdkPixBuf XPM image rendering library. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2005-2975\n\n Ludwig Nussel discovered an infinite loop when processing XPM\n images that allows an attacker to cause a denial of service via a\n specially crafted XPM file.\n\nCVE-2005-2976\n\n Ludwig Nussel discovered an integer overflow in the way XPM images\n are processed that could lead to the execution of arbitrary code\n or crash the application via a specially crafted XPM file.\n\nCVE-2005-3186\n\n "infamous41md" discovered an integer in the XPM processing routine\n that can be used to execute arbitrary code via a traditional heap\n overflow.\n\nThe following matrix explains which versions fix these problems:\n\n old stable (woody) stable (sarge) unstable (sid)\ngdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11\ngtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.dsc\n Size/MD5 checksum: 706 148ab895e798cb66959ae0bf7c725424\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.diff.gz\n Size/MD5 checksum: 20031 7851718d740e6e6a629e462b87269234\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz\n Size/MD5 checksum: 547194 021914ad9104f265527c28220315e542\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_alpha.deb\n Size/MD5 checksum: 177066 edf14dd71b77d893ca27c7768dd0a9f4\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_alpha.deb\n Size/MD5 checksum: 9730 52bcd65497f80d9f9b649f2dff012436\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_alpha.deb\n Size/MD5 checksum: 8874 1d7cfd64edf8fc05888e608bbba6edc9\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_alpha.deb\n Size/MD5 checksum: 193844 d20a90a4252d8f9ada81eb07b9798f25\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_arm.deb\n Size/MD5 checksum: 156918 7a96bcd45ce4b637283c2b966c1fbbbc\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_arm.deb\n Size/MD5 checksum: 8146 b1081dd21eadff238d9b411a71487759\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_arm.deb\n Size/MD5 checksum: 7282 b65d0f3169de9ff0bd73289de74be475\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_arm.deb\n Size/MD5 checksum: 161486 96ab7f9daf68d8f5317cf8e633e2da29\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_i386.deb\n Size/MD5 checksum: 147604 45fbdaa219558095236d758b15ab8da0\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_i386.deb\n Size/MD5 checksum: 7602 b0d9ed0671ea6b4abc1311c3b50c2821\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_i386.deb\n Size/MD5 checksum: 7142 e125861f4de9b5958e47336332532408\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_i386.deb\n Size/MD5 checksum: 151634 8db98edeeeceddca00ab90d23a3377fd\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_ia64.deb\n Size/MD5 checksum: 194976 de93fe82b55f27ae64566d9946d0fee9\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_ia64.deb\n Size/MD5 checksum: 11016 11b9ec958564155bf58ecef0ce38621f\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_ia64.deb\n Size/MD5 checksum: 11076 d425f1ddd7dda9a2b09816976e365da8\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_ia64.deb\n Size/MD5 checksum: 229474 69ad68e6ed5ea88df1abdf954e26dfa4\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_hppa.deb\n Size/MD5 checksum: 181324 e3543dc0a15a94e57946647fdc777791\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_hppa.deb\n Size/MD5 checksum: 9638 b392986cc6d6ddf24a47589f9fc78b5b\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_hppa.deb\n Size/MD5 checksum: 9316 3be84377508b98df8f700885dc0bcb13\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_hppa.deb\n Size/MD5 checksum: 190026 4741d1df4e66ba1a90758a44a68123ab\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_m68k.deb\n Size/MD5 checksum: 142140 505be04e8005f316259cad3025d599c3\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_m68k.deb\n Size/MD5 checksum: 7306 3967ebf6db8793d6a86fd294af843260\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_m68k.deb\n Size/MD5 checksum: 7016 fb75b5d4d20a3a9f497a154622071d12\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_m68k.deb\n Size/MD5 checksum: 156574 12a13ab0e1bd6aa4557d52e433ce0128\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mips.deb\n Size/MD5 checksum: 167564 44823af863fa6eaea95bec78a78f3c48\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mips.deb\n Size/MD5 checksum: 9566 722001dea6d4386afdcaa5503a2734f4\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mips.deb\n Size/MD5 checksum: 8274 8400f88e4c1ccf9d0a0fc1cdfd160818\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mips.deb\n Size/MD5 checksum: 165456 e8f367d5b275641cac0dcdb78dd8b847\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mipsel.deb\n Size/MD5 checksum: 168088 27fe81d3e0d259d0b2f9f1d0cb6b20c3\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mipsel.deb\n Size/MD5 checksum: 9482 4d21b6c2528e39207b4e161ffc9f8bce\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mipsel.deb\n Size/MD5 checksum: 8116 5465609ebc24647a0bb8cce0b855c04a\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mipsel.deb\n Size/MD5 checksum: 165596 9a1e6e006eccecd83d1531e22a5eb69c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_powerpc.deb\n Size/MD5 checksum: 166132 cda8b87f950b3711955c8e3124ee40e1\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_powerpc.deb\n Size/MD5 checksum: 9246 6823a85cd60349e4ba10e24884a173fd\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_powerpc.deb\n Size/MD5 checksum: 8072 b57e887073c448885cba21df750f7b3c\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_powerpc.deb\n Size/MD5 checksum: 171316 d343436d579fbb1a359e076b84480114\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_s390.deb\n Size/MD5 checksum: 153500 4e03bafc909b4461adead1162b7b2621\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_s390.deb\n Size/MD5 checksum: 7866 20eb416547214564d687c6e1b6dc0d81\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_s390.deb\n Size/MD5 checksum: 7564 bc0b59ddcb29b96cbbe839d881a419e2\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_s390.deb\n Size/MD5 checksum: 167510 59c3f71ee91508e678a66bf28c983f82\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_sparc.deb\n Size/MD5 checksum: 161136 aa671663e7343c7f7f8b47960b558f11\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_sparc.deb\n Size/MD5 checksum: 8270 2f7862d0a6f2f98b0d4c6e3e0b6929df\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_sparc.deb\n Size/MD5 checksum: 7502 97aac947b5168472b1ab4a6a0399d1c1\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_sparc.deb\n Size/MD5 checksum: 167184 9d79c42f3dcba5026069b15e742aafdd\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.dsc\n Size/MD5 checksum: 709 7a800a91469430a28ab1900ebb92ba83\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.diff.gz\n Size/MD5 checksum: 372331 20d149f93e8093e4dbb365e9278ce741\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz\n Size/MD5 checksum: 519266 4db0503b5a62533db68b03908b981751\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_alpha.deb\n Size/MD5 checksum: 185780 fbfdd560a6b3591165a757797198e931\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_alpha.deb\n Size/MD5 checksum: 10376 3b5273e0e21ee40c5d540a22ff91b99a\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_alpha.deb\n Size/MD5 checksum: 8650 c5d672403f8038129d35022515e8a339\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_alpha.deb\n Size/MD5 checksum: 205704 22b1261a845cea95520acd68cf6e74ec\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_amd64.deb\n Size/MD5 checksum: 155358 8653e4d9403ff7baeefbc7c955b83eb7\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_amd64.deb\n Size/MD5 checksum: 8474 ffad5870291f93584f70fa7645b54bdd\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_amd64.deb\n Size/MD5 checksum: 7942 d32005b5de994f10f15dfb91a6caf507\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_amd64.deb\n Size/MD5 checksum: 183366 6304fdc084b9e2ec433712b091e497c5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_arm.deb\n Size/MD5 checksum: 153978 e13ef5dd0694f3d0cc5836d2fdbddec0\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_arm.deb\n Size/MD5 checksum: 8126 4ef59c62c86c0d567929d0e88fd4ebb9\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_arm.deb\n Size/MD5 checksum: 7076 ccc7721296431294a6a657ec5c4bf2a7\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_arm.deb\n Size/MD5 checksum: 171352 afe13217c5566e0ecf26950bc9b2f4b5\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_i386.deb\n Size/MD5 checksum: 150416 0f2d4af07ce624a4fa3af2e0964e91a3\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_i386.deb\n Size/MD5 checksum: 7860 4e0d60fa4cebefe5c434fbe2e5bf16e6\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_i386.deb\n Size/MD5 checksum: 7354 3b6d8fc4ebc1314a35c307dd51ec1e1f\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_i386.deb\n Size/MD5 checksum: 172140 0f6b383d15e21f02a9db0f3b58d31864\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_ia64.deb\n Size/MD5 checksum: 196584 25c9be6f81524a4641c8b7faf3f14b48\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_ia64.deb\n Size/MD5 checksum: 10860 a04397bc288e8abe6f8094ac5cdfc8a8\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_ia64.deb\n Size/MD5 checksum: 10544 97dec60626ea52e0ce3adf5df0619228\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_ia64.deb\n Size/MD5 checksum: 232546 973a9a9a079936e682fe352dfb2eae0a\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_hppa.deb\n Size/MD5 checksum: 173056 0960b569e9cc3c6533e4a2394b56b18a\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_hppa.deb\n Size/MD5 checksum: 9238 5699f6b933217187a165956a4adcf8c9\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_hppa.deb\n Size/MD5 checksum: 9070 e82facecfb3184345b797176110c8795\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_hppa.deb\n Size/MD5 checksum: 201596 df67a873b1f1781b5418479802780074\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_m68k.deb\n Size/MD5 checksum: 137808 855cd148e584d2a47e15b893bc771076\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_m68k.deb\n Size/MD5 checksum: 7114 1c2ffc6287c76e8b656ac4cc8cb45197\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_m68k.deb\n Size/MD5 checksum: 6822 b23f138f206443979bef0f0d16429e9f\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_m68k.deb\n Size/MD5 checksum: 168122 fec535c555ffcec871f015251bb5d392\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mips.deb\n Size/MD5 checksum: 166212 c3648e5b7be69cb95dd162d1532a4064\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mips.deb\n Size/MD5 checksum: 9512 c4b9a6a610d879af5986eabeb819bd44\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mips.deb\n Size/MD5 checksum: 8084 af031e50f98a270977aac6d3f60c37aa\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mips.deb\n Size/MD5 checksum: 178910 0538e2bfe12f9fcd0d9b391adc4ca403\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mipsel.deb\n Size/MD5 checksum: 167032 2739863166ce8ccdd7a289e47ce94e8f\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mipsel.deb\n Size/MD5 checksum: 9544 cdd63315a97c0ff14fa6982811d25ac4\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mipsel.deb\n Size/MD5 checksum: 8058 a7fee13884e082a5c0646c6723e757f4\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mipsel.deb\n Size/MD5 checksum: 180220 d15b93b2235a05eeba9ab2fdce88327e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_powerpc.deb\n Size/MD5 checksum: 163132 8562f340ba8cba0079fa6c36a5c3a384\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_powerpc.deb\n Size/MD5 checksum: 9170 cd1fe56377a4313d54bbce1622c5f10f\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_powerpc.deb\n Size/MD5 checksum: 9526 c9f4119ba2c4b9b2a00fd0b44b01358c\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_powerpc.deb\n Size/MD5 checksum: 192594 3adc981ada6481239fc3c61af7781da2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_s390.deb\n Size/MD5 checksum: 164994 c92cd17bdead77f5ab59a314208d07ea\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_s390.deb\n Size/MD5 checksum: 8168 e4bce7d526b10a608e6238d0fb602131\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_s390.deb\n Size/MD5 checksum: 7802 551bdf573b50cff118ff68360a249630\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_s390.deb\n Size/MD5 checksum: 184668 d0917c0875e16ab54637f1ac1c299208\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_sparc.deb\n Size/MD5 checksum: 155602 8c2980db112716debc75371df0ae3e3a\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_sparc.deb\n Size/MD5 checksum: 8130 462d2e5c734a69f942dd73d67224f3d4\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_sparc.deb\n Size/MD5 checksum: 7304 4935a0b91d3056e28b8375d99a13181c\n http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_sparc.deb\n Size/MD5 checksum: 174592 93b600efa8160007aa687eb67b63b141\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2005-11-30T00:00:00", "published": "2005-11-30T00:00:00", "id": "DEBIAN:DSA-913-1:5B923", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00314.html", "title": "[SECURITY] [DSA 913-1] New gdk-pixbuf packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:23:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 911-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gtk+2.0\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186\nBugTraq ID : 15428\nDebian Bug : 339431\n\nSeveral vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf\nXPM image rendering library. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2005-2975\n\n Ludwig Nussel discovered an infinite loop when processing XPM\n images that allows an attacker to cause a denial of service via a\n specially crafted XPM file.\n\nCVE-2005-2976\n\n Ludwig Nussel discovered an integer overflow in the way XPM images\n are processed that could lead to the execution of arbitrary code\n or crash the application via a specially crafted XPM file.\n\nCVE-2005-3186\n\n "infamous41md" discovered an integer in the XPM processing routine\n that can be used to execute arbitrary code via a traditional heap\n overflow.\n\nThe following matrix explains which versions fix these problems:\n\n old stable (woody) stable (sarge) unstable (sid)\ngdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11\ngtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\n\nWe recommend that you upgrade your gtk+2.0 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.dsc\n Size/MD5 checksum: 863 2c19c0b3843d6003e5561830e80aec28\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.diff.gz\n Size/MD5 checksum: 48155 4035c2ee98fd6c0dde2c6d73d252c6e4\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2.orig.tar.gz\n Size/MD5 checksum: 7835836 dc80381b84458d944c5300a1672c099c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.0.2-5woody3_all.deb\n Size/MD5 checksum: 1379440 c1501024119c24ed506990384e52c660\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 221376 ed09b3dbbed147b7be1820048f832593\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 1104 ed3650ca259b534fc67c03a833a6a6f7\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 1586026 7bda54cc76e8eefbb2395f397d3cc7c6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 595890 eca337b48cb5c2894bec95b0765ba65e\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 5878258 5ea4f1fad5efe6d3344bfc13b3addc65\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_alpha.deb\n Size/MD5 checksum: 178326 285885ccfc39722d26950f0bada6c867\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 215182 5be1bc9cfaa8086536f6e3a165fd930e\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 1100 0a29371fc6cac98e6545ff12b76d7847\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 1420128 02ddea0ef1473ea7775d912fb1e3b91c\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 595368 ff659a4540d523aac34decb6eff1f297\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 2903986 02aa5794bcfa4aa9599f7ce6f28f8d6d\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_arm.deb\n Size/MD5 checksum: 177280 309dd451617141fb027c9bcd033790ea\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 215480 c82e1af319f9f5949caab2938717b8e4\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 1106 9d59680c9fa9ba60219f296d7959726b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 1289508 e353ab4cf8ba7d8d3a85948d7160ce99\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 595390 82104b484be3b874e0af857cb37a790b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 2722172 be34f43c3d39e4df7c9ac4ec558d8e75\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_i386.deb\n Size/MD5 checksum: 177124 0c6e637485b5925c10180483ed989ba4\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 231234 1ca5b216a2567c33ac780304dba4be5d\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 1100 15327d5515c0d1a161cc5b61b86b22ce\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 2077588 901d4767fb27fe07d7ed13725ccdd2b8\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 596730 fd38392178172446f0bc716061be5209\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 9450266 a17f9d4a6dab77314a1b93549f10a3bd\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_ia64.deb\n Size/MD5 checksum: 178702 a1f72b3672cd240cd911d6b3a451f80e\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 220956 edd51b44537f51e470d8b2943c309952\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 1108 314dabcc5226bce8f63a8df5a252b584\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 1718118 ca53b11b4294c94ff8c4f9f72437b6e7\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 595688 50571f1e4793bdc9e169132defa1693a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 3317050 fef66e14343d589e06cb244b6374bb38\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_hppa.deb\n Size/MD5 checksum: 177778 718d0b01ad8a46e50dd28b7999a84231\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 215174 2fb7d0afdfac137895e5fb343f6861f9\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 1106 fac1df7c4af7bc5b21680a3a6644ce67\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 1331670 f55e5b35c28b2639eb13dc9bb32f1347\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 595384 b36ebd35c01f490348ed9817079700d6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 2833584 c18bb1755fb31d6da4f8093fe3c03060\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_m68k.deb\n Size/MD5 checksum: 177022 a159f5a1121c260673aee75b2e5bea2d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 216496 c38396a00cb755ddaddc8047329a664a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 1104 23407e61f23a3021ebd5871871013773\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 1384584 f740703f3077ecfce8c41f264a63cf1a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 595738 0ae33fcedb001ade8548419a11492707\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 4934158 4289111f54a5c6023dfe37b081a8a22a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mips.deb\n Size/MD5 checksum: 177506 e9f92a71bd505feb58ffe7e131e4244e\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 216170 16933f5e26cf8aa335958943e4a8bd98\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 1104 23657699ac0cced8d77adb7baffe1e78\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 1375132 9d605722fdab1a9dd5f9830af7da0e67\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 595706 648f12a77e737b06e14797407f6617ca\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 4789004 398536470f317e5e2d3f50fdfaab1bc5\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mipsel.deb\n Size/MD5 checksum: 177480 12f2e0288223289532430e4c96f76fd2\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 215246 bac105a786f6085110017cbfbc001ffb\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 1106 2e1df3200d2fa60f1480e8a62515d50d\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 1505610 9560968696c020d1d4b0d76fa07844d0\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 595432 12b496e50c8bd7c822d0e05fa378f6df\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 2980722 d112daa322581d876b7875f05f02aeca\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_powerpc.deb\n Size/MD5 checksum: 177308 b192c4a7e154ac33571a0c0b31a2f5ac\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 218074 f82c50d7854a0b52005d702f6f969d64\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 1102 43c949763c6a96d0e6cb9ec1f24c388d\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 1447638 47636343d961b7a0a64c006dd97a15a2\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 595634 097a1c2b9090ede08fd57cd7c4b7c0bd\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 3004574 56fbb2eb95210ce8547ccbaab380df19\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_s390.deb\n Size/MD5 checksum: 177374 d6e449c54fa3ae768932382b09801ed8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 216190 70d05edded855a56b8ed92b735a54e1b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 1104 35d308fd4d0171f8363f09cfce189f63\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 1434226 7b892592d104c9965240d6ac66bca9ba\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 595324 1392262c2a82832aae38b5c78f04f3bb\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 2872174 6ead4c78c5cc9c008cd4f05ab3823ba3\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_sparc.deb\n Size/MD5 checksum: 177182 2be94de14832d7bf602c942fea220204\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.dsc\n Size/MD5 checksum: 2000 876d42d456f4c65949fe326d4603d0a6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.diff.gz\n Size/MD5 checksum: 49387 743d43246b74d208e704b0a8212625df\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz\n Size/MD5 checksum: 16354198 a3ab72c9c80384fb707b992eb8b43c13\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.1_all.deb\n Size/MD5 checksum: 2983652 b84d91a0e62bc5294208e39a10d8f875\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.1_all.deb\n Size/MD5 checksum: 2317798 2b12f72ddc801222745fba5784f0d30a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 62274 8efa86fa72b71c8e1ffdcf569bdd3bf9\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 268572 aa3ae47b77c14ae4e1763c8199994264\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 2463284 b46cb55a251b626f39c88484175a4eda\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 17691386 e42711f63e75be8961dd277a882c6331\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 20884 a150efa24ea5521aac282fb289f7cb90\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_alpha.deb\n Size/MD5 checksum: 8475038 57a1cdf6dd1a43188bdab145f472ee75\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 55272 4807db987b4f1ae1a1ce83f995e15b85\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 263204 ec67df85400b5970d1d983928537e5cf\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 2199236 84e0e79ee05b3f8368e28a3f7566df45\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 17653866 b0c569bd51812ed574e59095637d6e73\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 19672 6909052aa7ba8ee968b58b8e89bf2388\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_amd64.deb\n Size/MD5 checksum: 7615034 65cf59aefee1022990492a18d4a132ab\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 52910 b44bfd00c91685e787729ab6e3f7e9a6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 255640 1e9e352aeaf2652cfe18dcfa69668543\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 2042744 f23c0f10108b093dd7159f2fc250f54e\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 17599402 b2db72cde1646ff9c137db8d4c519e86\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 18138 f77d55c822f498beefb001ec9cc469fa\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_arm.deb\n Size/MD5 checksum: 7478104 89254e98a3da4f85de96a84b927cbde9\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 51142 54ac82ff996e06087721a12edca85ca0\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 260184 9562defc5dd5d78d3eac97ac79c0f1b6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 2097270 8dedb3a4d88d4aeb64f0b3be221b25e2\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 17534636 1f90e641d602fb9aef7233c8f2fdc374\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 18194 eb658bed31f5fa07d5ac7fe194dbd50e\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_i386.deb\n Size/MD5 checksum: 7234930 bb53cc8a482cf455ea1b0c913d6cd2cb\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 68508 d73110728702e8c59323435310b78aa2\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 276954 94f3ec8cdf10daa527e65993f39834ad\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 2894720 05a6507d6de9eaebd36168a293b8077d\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 17741224 ad54e2f45926cd52618f0eecdd9ebe34\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 22406 bc869ec76246419c8d0921b8cd79942b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_ia64.deb\n Size/MD5 checksum: 8622734 06e087a2328df617cc742e301df62753\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 60060 99a7e167fcba943ebeff9f4268055623\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 263712 2cbbaede3e2498c6a7a27cf6b36186e2\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 2464528 bbf763c89d4f57fcd9e00b679d5d28ac\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 17801132 f1ee34b603b0fd82d0f5c884a80b65c3\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 19744 13930708ce9c937d039755ee09a65324\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_hppa.deb\n Size/MD5 checksum: 8408548 321bc004724d528e249865c03a4e6aab\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 47752 8721dd7e1931aefd72ff6c23e667355a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 255414 b8e6fd4222ca20dec668bfab34024211\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 2045046 a74b3ecc5d12d6566bb3def13eea2ee4\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 17822784 dccea1d9ae943c4efaf1f556c5e7d16c\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 18100 e2fcdfba8eae770d0d091a16147b02be\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_m68k.deb\n Size/MD5 checksum: 7584802 a8f06db2e97fdca5d7131641cb87e6fc\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 55698 2e233ae546e0e6bd0b0b0acdb97dc280\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 259924 3290adf3c203e0d44ba2a80f8bbb4f6e\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 2122598 205e050434251cc386a5ed78f1be4dec\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 17885036 ef05b92517ee66fea11ad51e8737d9b6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 22858 58f33e26cba9e2c570aa3f71c4a86d1b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mips.deb\n Size/MD5 checksum: 8298762 f5eb185ce2ff53a530ee35b7aadd0d69\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 55630 3ffbc3c391c376a88b59127dbd3d9811\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 259836 605358dfcd79e6d26af498a71266df91\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 2123080 91894a08c3dc6607e27c373281b6d9c8\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 17651848 1db2645552e19d37204c58a671ef89b6\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 22924 d6f5ba287f9569a3c45d14253895cf22\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mipsel.deb\n Size/MD5 checksum: 7745414 985800b5a5e3ffab531efefa2b896d2b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 56914 ab390a6e0de776bfe600d9fda732152a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 260204 e89efb3f0c1b01d1230efbf4e40c7e8b\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 2187944 66fc71b309ffa82890c607cd99a4fdf2\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 28593970 dc9734cbb0718815e33808ca4f82a143\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 22188 1e9a28597a9b214424878199b40e9fef\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_powerpc.deb\n Size/MD5 checksum: 8260248 d9407df720a9bc7ebfdfea5e9be20a2d\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 55302 5a77b24f45d5a31c0cdd4ad24a3e0666\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 262564 75f285e192a63e8342fcd59f7e4b503f\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 2294784 4781127b291fe5ece91dc62c32f89757\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 18179652 087628d587f2c29d5a996778d99f1352\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 19580 002d9074502272e35fb17f26cd1497a1\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_s390.deb\n Size/MD5 checksum: 8354106 f86a8301975bbd943bba7af3bb625ae3\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 50952 0670511a0028098bb2b7e8a91d195220\n http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 256562 d35492a1f6de84c96ea0f31ebf250c4c\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 2137976 d2d31e848e05dc062336f80d3bdb310a\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 17714380 0ae0a52d3c00e951b1b9d737d94d19a5\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 17894 b9628edefc91fa4101780b56c69c86a8\n http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_sparc.deb\n Size/MD5 checksum: 7951126 87b73953c3fa278472e0b4150c160326\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2005-11-29T00:00:00", "published": "2005-11-29T00:00:00", "id": "DEBIAN:DSA-911-1:05F7B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00312.html", "title": "[SECURITY] [DSA 911-1] New gtk+2.0 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200511-14\n(GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities)\n\n iDEFENSE reported a possible heap overflow in the XPM loader\n (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two\n additional issues in the XPM processing functions : an integer overflow\n (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop\n (CVE-2005-2975).\n \nImpact :\n\n Using a specially crafted XPM image an attacker could cause an\n affected application to enter an infinite loop or trigger the\n overflows, potentially allowing the execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2005-11-21T00:00:00", "title": "GLSA-200511-14 : GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2005-11-21T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gtk+", "p-cpe:/a:gentoo:linux:gdk-pixbuf"], "id": "GENTOO_GLSA-200511-14.NASL", "href": "https://www.tenable.com/plugins/nessus/20235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200511-14.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20235);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_xref(name:\"GLSA\", value:\"200511-14\");\n\n script_name(english:\"GLSA-200511-14 : GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200511-14\n(GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities)\n\n iDEFENSE reported a possible heap overflow in the XPM loader\n (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two\n additional issues in the XPM processing functions : an integer overflow\n (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop\n (CVE-2005-2975).\n \nImpact :\n\n Using a specially crafted XPM image an attacker could cause an\n affected application to enter an infinite loop or trigger the\n overflows, potentially allowing the execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd0fae5b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200511-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GTK+ 2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose x11-libs/gtk+\n All GdkPixbuf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gdk-pixbuf-0.22.0-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gtk+\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/gdk-pixbuf\", unaffected:make_list(\"ge 0.22.0-r5\"), vulnerable:make_list(\"lt 0.22.0-r5\"))) flag++;\nif (qpkg_check(package:\"x11-libs/gtk+\", unaffected:make_list(\"ge 2.8.6-r1\", \"rge 2.6.10-r1\", \"lt 2.0\"), vulnerable:make_list(\"lt 2.8.6-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GTK+ 2 / GdkPixbuf\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T10:03:41", "description": "Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf\nXPM image rendering library. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2005-2975\n Ludwig Nussel discovered an infinite loop when\n processing XPM images that allows an attacker to cause a\n denial of service via a specially crafted XPM file.\n\n - CVE-2005-2976\n Ludwig Nussel discovered an integer overflow in the way\n XPM images are processed that could lead to the\n execution of arbitrary code or crash the application via\n a specially crafted XPM file.\n\n - CVE-2005-3186\n 'infamous41md' discovered an integer overflow in the XPM\n processing routine that can be used to execute arbitrary\n code via a traditional heap overflow.", "edition": 27, "published": "2006-10-14T00:00:00", "title": "Debian DSA-911-1 : gtk+2.0 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:gtk+2.0", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-911.NASL", "href": "https://www.tenable.com/plugins/nessus/22777", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-911. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22777);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_bugtraq_id(15428);\n script_xref(name:\"DSA\", value:\"911\");\n\n script_name(english:\"Debian DSA-911-1 : gtk+2.0 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf\nXPM image rendering library. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2005-2975\n Ludwig Nussel discovered an infinite loop when\n processing XPM images that allows an attacker to cause a\n denial of service via a specially crafted XPM file.\n\n - CVE-2005-2976\n Ludwig Nussel discovered an integer overflow in the way\n XPM images are processed that could lead to the\n execution of arbitrary code or crash the application via\n a specially crafted XPM file.\n\n - CVE-2005-3186\n 'infamous41md' discovered an integer overflow in the XPM\n processing routine that can be used to execute arbitrary\n code via a traditional heap overflow.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-911\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gtk+2.0 packages.\n\nThe following matrix explains which versions fix these problems :\n\n old stable (woody) stable (sarge) unstable (sid) \n gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 \n gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gtk+2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"gtk2.0-examples\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk-common\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk2.0-0\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk2.0-common\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk2.0-dbg\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk2.0-dev\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgtk2.0-doc\", reference:\"2.0.2-5woody3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"gtk2-engines-pixbuf\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"gtk2.0-examples\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-0\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-0-dbg\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-bin\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-common\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-dev\", reference:\"2.6.4-3.1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgtk2.0-doc\", reference:\"2.6.4-3.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:05:47", "description": "The gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-21T00:00:00", "title": "Fedora Core 4 : gdk-pixbuf-0.22.0-18.fc4.2 (2005-1085)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2005-11-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-debuginfo", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-gnome", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-devel"], "id": "FEDORA_2005-1085.NASL", "href": "https://www.tenable.com/plugins/nessus/20229", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1085.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20229);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3186\");\n script_xref(name:\"FEDORA\", value:\"2005-1085\");\n\n script_name(english:\"Fedora Core 4 : gdk-pixbuf-0.22.0-18.fc4.2 (2005-1085)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001581.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4518078\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"gdk-pixbuf-0.22.0-18.fc4.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gdk-pixbuf-debuginfo-0.22.0-18.fc4.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gdk-pixbuf-devel-0.22.0-18.fc4.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gdk-pixbuf-gnome-0.22.0-18.fc4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf / gdk-pixbuf-debuginfo / gdk-pixbuf-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:53", "description": "Updated gdk-pixbuf packages that fix several security issues are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.", "edition": 27, "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : gdk-pixbuf (CESA-2005:810)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2006-07-03T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gdk-pixbuf-gnome", "p-cpe:/a:centos:centos:gdk-pixbuf", "p-cpe:/a:centos:centos:gdk-pixbuf-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-810.NASL", "href": "https://www.tenable.com/plugins/nessus/21866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:810 and \n# CentOS Errata and Security Advisory 2005:810 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21866);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_xref(name:\"RHSA\", value:\"2005:810\");\n\n script_name(english:\"CentOS 3 / 4 : gdk-pixbuf (CESA-2005:810)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gdk-pixbuf packages that fix several security issues are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012418.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98f607e3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012419.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2237dd5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012424.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ab09d8d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012425.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ace97f5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d0c0607\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc62c452\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdk-pixbuf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdk-pixbuf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"gdk-pixbuf-0.22.0-13.el3.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"gdk-pixbuf-devel-0.22.0-13.el3.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"gdk-pixbuf-gnome-0.22.0-13.el3.3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"gdk-pixbuf-0.22.0-17.el4.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"gdk-pixbuf-devel-0.22.0-17.el4.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf / gdk-pixbuf-devel / gdk-pixbuf-gnome\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:05:32", "description": "Updated gdk-pixbuf packages that fix several security issues are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.", "edition": 28, "published": "2005-11-21T00:00:00", "title": "RHEL 2.1 / 3 / 4 : gdk-pixbuf (RHSA-2005:810)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2005-11-21T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-devel", "p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf", "p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-gnome"], "id": "REDHAT-RHSA-2005-810.NASL", "href": "https://www.tenable.com/plugins/nessus/20237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:810. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20237);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_xref(name:\"RHSA\", value:\"2005:810\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : gdk-pixbuf (RHSA-2005:810)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gdk-pixbuf packages that fix several security issues are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:810\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gdk-pixbuf, gdk-pixbuf-devel and / or\ngdk-pixbuf-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:810\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gdk-pixbuf-0.22.0-12.el2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gdk-pixbuf-devel-0.22.0-12.el2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gdk-pixbuf-gnome-0.22.0-12.el2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"gdk-pixbuf-0.22.0-13.el3.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"gdk-pixbuf-devel-0.22.0-13.el3.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"gdk-pixbuf-gnome-0.22.0-13.el3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gdk-pixbuf-0.22.0-17.el4.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"gdk-pixbuf-devel-0.22.0-17.el4.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf / gdk-pixbuf-devel / gdk-pixbuf-gnome\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:14:46", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:065 (gtk2, gdk-pixbuf).\n\n\nThe image loading library of the gdk-pixbug/gtk2 package is vulnerable\nto several security-related bugs. This makes every application (mostly\nGNOME applications) which is linked against this library vulnerable too.\n\nA carefully crafted XPM file can be used to execute arbitrary code while\nprocessing the image file. (CVE-2005-3186)\n\nAdditionally Ludwig Nussel from the SuSE Security-Team discovered an\ninteger overflow bug that can be used to execute arbitrary code too\n(CVE-2005-2976), and an infinite loop which leads to a denial of service\nbug. (CVE-2005-2975)", "edition": 6, "published": "2005-11-21T00:00:00", "title": "SUSE-SA:2005:065: gtk2, gdk-pixbuf", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2005-11-21T00:00:00", "cpe": [], "id": "SUSE_SA_2005_065.NASL", "href": "https://www.tenable.com/plugins/nessus/20239", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:065\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20239);\n script_version(\"1.10\");\n\n name[\"english\"] = \"SUSE-SA:2005:065: gtk2, gdk-pixbuf\";\n\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:065 (gtk2, gdk-pixbuf).\n\n\nThe image loading library of the gdk-pixbug/gtk2 package is vulnerable\nto several security-related bugs. This makes every application (mostly\nGNOME applications) which is linked against this library vulnerable too.\n\nA carefully crafted XPM file can be used to execute arbitrary code while\nprocessing the image file. (CVE-2005-3186)\n\nAdditionally Ludwig Nussel from the SuSE Security-Team discovered an\ninteger overflow bug that can be used to execute arbitrary code too\n(CVE-2005-2976), and an infinite loop which leads to a denial of service\nbug. (CVE-2005-2975)\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_65_gtk2.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/11/21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n\n summary[\"english\"] = \"Check for the version of the gtk2, gdk-pixbuf package\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"gtk2-2.8.3-4.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-devel-2.8.3-4.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-0.22.0-72.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-devel-0.22.0-72.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-2.2.3-57\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-devel-2.2.3-57\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-0.18.0-615\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-devel-0.18.0-615\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-2.2.4-125.10\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-devel-2.2.4-125.10\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-0.22.0-62.13\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-devel-0.22.0-62.13\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-2.4.9-10.3\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-devel-2.4.9-10.3\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-0.22.0-64.3\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-devel-0.22.0-64.3\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-2.6.4-6.3\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gtk2-devel-2.6.4-6.3\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-0.22.0-67.3\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"gdk-pixbuf-devel-0.22.0-67.3\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:05:47", "description": "The gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-21T00:00:00", "title": "Fedora Core 3 : gdk-pixbuf-0.22.0-16.fc3.3 (2005-1086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2005-11-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-debuginfo", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-gnome", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf", "p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-devel"], "id": "FEDORA_2005-1086.NASL", "href": "https://www.tenable.com/plugins/nessus/20230", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1086.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20230);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3186\");\n script_xref(name:\"FEDORA\", value:\"2005-1086\");\n\n script_name(english:\"Fedora Core 3 : gdk-pixbuf-0.22.0-16.fc3.3 (2005-1086)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gdk-pixbuf package contains an image loading library used with the\nGNOME GUI desktop environment.\n\nA bug was found in the way gdk-pixbuf processes XPM images. An\nattacker could create a carefully crafted XPM file in such a way that\nit could cause an application linked with gdk-pixbuf to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\nprocesses XPM images. An attacker could create a carefully crafted XPM\nfile in such a way that it could cause an application linked with\ngdk-pixbuf to execute arbitrary code or crash when the file was opened\nby a victim. The Common Vulnerabilities and Exposures project has\nassigned the name CVE-2005-2976 to this issue.\n\nLudwig Nussel also discovered an infinite-loop denial of service bug\nin the way gdk-pixbuf processes XPM images. An attacker could create a\ncarefully crafted XPM file in such a way that it could cause an\napplication linked with gdk-pixbuf to stop responding when the file\nwas opened by a victim. The Common Vulnerabilities and Exposures\nproject has assigned the name CVE-2005-2975 to this issue.\n\nUsers of gdk-pixbuf are advised to upgrade to these updated packages,\nwhich contain backported patches and are not vulnerable to these\nissues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001582.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e082c61\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdk-pixbuf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"gdk-pixbuf-0.22.0-16.fc3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gdk-pixbuf-debuginfo-0.22.0-16.fc3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gdk-pixbuf-devel-0.22.0-16.fc3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gdk-pixbuf-gnome-0.22.0-16.fc3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf / gdk-pixbuf-debuginfo / gdk-pixbuf-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:12", "description": "This update fixes the following security problem: a heap overflow in\nthe XPM reader allowed attackers to execute arbitrary code via\nspecially crafted XPM images. (CVE-2005-3186, CVE-2005-2975,\nCVE-2005-2976)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 10558)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_10558.NASL", "href": "https://www.tenable.com/plugins/nessus/41084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41084);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n\n script_name(english:\"SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 10558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security problem: a heap overflow in\nthe XPM reader allowed attackers to execute arbitrary code via\nspecially crafted XPM images. (CVE-2005-3186, CVE-2005-2975,\nCVE-2005-2976)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2005-2975/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2005-2976/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2005-3186/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 10558.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"gdk-pixbuf-0.22.0-62.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"gdk-pixbuf-devel-0.22.0-62.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:27:05", "description": "Two integer overflows have been discovered in the XPM image loader of\nthe GDK pixbuf library. By tricking an user into opening a specially\ncrafted XPM image with any Gnome desktop application that uses this\nlibrary, this could be exploited to execute arbitrary code with the\nprivileges of the user running the application. (CVE-2005-2976,\nCVE-2005-3186)\n\nAdditionally, specially crafted XPM images could cause an endless loop\nin the image loader, which could be exploited to cause applications\ntrying to open that image to hang. (CVE-2005-2975).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : gtk+2.0, gdk-pixbuf vulnerabilities (USN-216-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975", "CVE-2005-2976"], "modified": "2006-01-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-gnome-dev", "p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-dev", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-doc", "p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-gnome2", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-common", "p-cpe:/a:canonical:ubuntu_linux:gtk2-engines-pixbuf", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-0", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-bin", "p-cpe:/a:canonical:ubuntu_linux:gtk2.0-examples", "p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-dev"], "id": "UBUNTU_USN-216-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-216-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20634);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2975\", \"CVE-2005-2976\", \"CVE-2005-3186\");\n script_xref(name:\"USN\", value:\"216-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : gtk+2.0, gdk-pixbuf vulnerabilities (USN-216-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two integer overflows have been discovered in the XPM image loader of\nthe GDK pixbuf library. By tricking an user into opening a specially\ncrafted XPM image with any Gnome desktop application that uses this\nlibrary, this could be exploited to execute arbitrary code with the\nprivileges of the user running the application. (CVE-2005-2976,\nCVE-2005-3186)\n\nAdditionally, specially crafted XPM images could cause an endless loop\nin the image loader, which could be exploited to cause applications\ntrying to open that image to hang. (CVE-2005-2975).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gtk2-engines-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gtk2.0-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-gnome-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf-gnome2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgtk2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"gtk2.0-examples\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdk-pixbuf-dev\", pkgver:\"0.22.0-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdk-pixbuf-gnome-dev\", pkgver:\"0.22.0-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdk-pixbuf-gnome2\", pkgver:\"0.22.0-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdk-pixbuf2\", pkgver:\"0.22.0-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-0\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-bin\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-common\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-dbg\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-dev\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgtk2.0-doc\", pkgver:\"2.4.10-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gtk2-engines-pixbuf\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gtk2.0-examples\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdk-pixbuf-dev\", pkgver:\"0.22.0-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdk-pixbuf-gnome-dev\", pkgver:\"0.22.0-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdk-pixbuf-gnome2\", pkgver:\"0.22.0-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdk-pixbuf2\", pkgver:\"0.22.0-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-0\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-0-dbg\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-bin\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-common\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-dev\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgtk2.0-doc\", pkgver:\"2.6.4-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"gtk2-engines-pixbuf\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"gtk2.0-examples\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgdk-pixbuf-dev\", pkgver:\"0.22.0-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgdk-pixbuf-gnome-dev\", pkgver:\"0.22.0-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgdk-pixbuf-gnome2\", pkgver:\"0.22.0-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgdk-pixbuf2\", pkgver:\"0.22.0-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-0\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-0-dbg\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-bin\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-common\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-dev\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libgtk2.0-doc\", pkgver:\"2.8.6-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gtk2-engines-pixbuf / gtk2.0-examples / libgdk-pixbuf-dev / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:05:47", "description": "The gtk2 package contains the GIMP ToolKit (GTK+), a library for\ncreating graphical user interfaces for the X Window System.\n\nA bug was found in the way gtk2 processes XPM images. An attacker\ncould create a carefully crafted XPM file in such a way that it could\ncause an application linked with gtk2 to execute arbitrary code when\nthe file was opened by a victim. The Common Vulnerabilities and\nExposures project has assigned the name CVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an infinite-loop denial of service bug in the\nway gtk2 processes XPM images. An attacker could create a carefully\ncrafted XPM file in such a way that it could cause an application\nlinked with gtk2 to stop responding when the file was opened by a\nvictim. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2975 to this issue. Users of gtk2 are advised to\nupgrade to these updated packages, which contain backported patches\nand are not vulnerable to these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-21T00:00:00", "title": "Fedora Core 4 : gtk2-2.6.10-2.fc4.4 (2005-1088)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3186", "CVE-2005-2975"], "modified": "2005-11-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gtk2", "p-cpe:/a:fedoraproject:fedora:gtk2-devel", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:gtk2-debuginfo"], "id": "FEDORA_2005-1088.NASL", "href": "https://www.tenable.com/plugins/nessus/20232", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1088.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20232);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3186\");\n script_xref(name:\"FEDORA\", value:\"2005-1088\");\n\n script_name(english:\"Fedora Core 4 : gtk2-2.6.10-2.fc4.4 (2005-1088)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gtk2 package contains the GIMP ToolKit (GTK+), a library for\ncreating graphical user interfaces for the X Window System.\n\nA bug was found in the way gtk2 processes XPM images. An attacker\ncould create a carefully crafted XPM file in such a way that it could\ncause an application linked with gtk2 to execute arbitrary code when\nthe file was opened by a victim. The Common Vulnerabilities and\nExposures project has assigned the name CVE-2005-3186 to this issue.\n\nLudwig Nussel discovered an infinite-loop denial of service bug in the\nway gtk2 processes XPM images. An attacker could create a carefully\ncrafted XPM file in such a way that it could cause an application\nlinked with gtk2 to stop responding when the file was opened by a\nvictim. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2975 to this issue. Users of gtk2 are advised to\nupgrade to these updated packages, which contain backported patches\nand are not vulnerable to these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001584.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?027d6498\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gtk2, gtk2-debuginfo and / or gtk2-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtk2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"gtk2-2.6.10-2.fc4.4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gtk2-debuginfo-2.6.10-2.fc4.4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gtk2-devel-2.6.10-2.fc4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gtk2 / gtk2-debuginfo / gtk2-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:51", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2975", "CVE-2005-2976", "CVE-2005-3186"], "description": "The gdk-pixbuf package contains an image loading library used with the\r\nGNOME GUI desktop environment.\r\n\r\nA bug was found in the way gdk-pixbuf processes XPM images. An attacker\r\ncould create a carefully crafted XPM file in such a way that it could cause\r\nan application linked with gdk-pixbuf to execute arbitrary code when the\r\nfile was opened by a victim. The Common Vulnerabilities and Exposures\r\nproject has assigned the name CVE-2005-3186 to this issue.\r\n\r\nLudwig Nussel discovered an integer overflow bug in the way gdk-pixbuf\r\nprocesses XPM images. An attacker could create a carefully crafted XPM file\r\nin such a way that it could cause an application linked with gdk-pixbuf to\r\nexecute arbitrary code or crash when the file was opened by a victim. The\r\nCommon Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2976 to this issue.\r\n\r\nLudwig Nussel also discovered an infinite-loop denial of service bug in the\r\nway gdk-pixbuf processes XPM images. An attacker could create a carefully\r\ncrafted XPM file in such a way that it could cause an application linked\r\nwith gdk-pixbuf to stop responding when the file was opened by a victim.\r\nThe Common Vulnerabilities and Exposures project has assigned the name\r\nCVE-2005-2975 to this issue.\r\n\r\nUsers of gdk-pixbuf are advised to upgrade to these updated packages, which\r\ncontain backported patches and are not vulnerable to these issues.", "modified": "2018-03-14T19:26:03", "published": "2005-11-15T05:00:00", "id": "RHSA-2005:810", "href": "https://access.redhat.com/errata/RHSA-2005:810", "type": "redhat", "title": "(RHSA-2005:810) gdk-pixbuf security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2975", "CVE-2005-3186"], "description": "The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating\r\ngraphical user interfaces for the X Window System.\r\n\r\nA bug was found in the way gtk2 processes XPM images. An attacker could\r\ncreate a carefully crafted XPM file in such a way that it could cause an\r\napplication linked with gtk2 to execute arbitrary code when the file was\r\nopened by a victim. The Common Vulnerabilities and Exposures project has\r\nassigned the name CVE-2005-3186 to this issue.\r\n\r\nLudwig Nussel discovered an infinite-loop denial of service bug in the way\r\ngtk2 processes XPM images. An attacker could create a carefully crafted XPM\r\nfile in such a way that it could cause an application linked with gtk2 to\r\nstop responding when the file was opened by a victim. The Common\r\nVulnerabilities and Exposures project has assigned the name CVE-2005-2975\r\nto this issue.\r\n\r\nUsers of gtk2 are advised to upgrade to these updated packages, which\r\ncontain backported patches and are not vulnerable to these issues.", "modified": "2017-09-08T12:17:37", "published": "2005-11-15T05:00:00", "id": "RHSA-2005:811", "href": "https://access.redhat.com/errata/RHSA-2005:811", "type": "redhat", "title": "(RHSA-2005:811) gtk2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-2976"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-216-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf)\nSecurity Tracker: 1015216\n[Secunia Advisory ID:17591](https://secuniaresearch.flexerasoftware.com/advisories/17591/)\n[Secunia Advisory ID:17615](https://secuniaresearch.flexerasoftware.com/advisories/17615/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17770](https://secuniaresearch.flexerasoftware.com/advisories/17770/)\n[Secunia Advisory ID:17791](https://secuniaresearch.flexerasoftware.com/advisories/17791/)\n[Secunia Advisory ID:17538](https://secuniaresearch.flexerasoftware.com/advisories/17538/)\n[Secunia Advisory ID:17594](https://secuniaresearch.flexerasoftware.com/advisories/17594/)\n[Secunia Advisory ID:17710](https://secuniaresearch.flexerasoftware.com/advisories/17710/)\n[Secunia Advisory ID:17588](https://secuniaresearch.flexerasoftware.com/advisories/17588/)\n[Secunia Advisory ID:17562](https://secuniaresearch.flexerasoftware.com/advisories/17562/)\n[Secunia Advisory ID:17522](https://secuniaresearch.flexerasoftware.com/advisories/17522/)\n[Secunia Advisory ID:17592](https://secuniaresearch.flexerasoftware.com/advisories/17592/)\n[Secunia Advisory ID:17657](https://secuniaresearch.flexerasoftware.com/advisories/17657/)\n[Related OSVDB ID: 20840](https://vulners.com/osvdb/OSVDB:20840)\n[Related OSVDB ID: 20841](https://vulners.com/osvdb/OSVDB:20841)\nRedHat RHSA: RHSA-2005:811\nRedHat RHSA: RHSA-2005:810\nOther Advisory URL: http://www.debian.org/security/2005/dsa-911\nOther Advisory URL: http://www.debian.org/security/2005/dsa-913\nOther Advisory URL: http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5315\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_65_gtk2.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml\nISS X-Force ID: 23083\n[CVE-2005-2976](https://vulners.com/cve/CVE-2005-2976)\nBugtraq ID: 15428\n", "modified": "2005-11-15T14:18:50", "published": "2005-11-15T14:18:50", "href": "https://vulners.com/osvdb/OSVDB:20842", "id": "OSVDB:20842", "type": "osvdb", "title": "GTK+ GdkPixbuf XPM Image Processing Multiple Field Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-2975"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171904\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-216-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf)\nSecurity Tracker: 1015216\n[Secunia Advisory ID:17591](https://secuniaresearch.flexerasoftware.com/advisories/17591/)\n[Secunia Advisory ID:17615](https://secuniaresearch.flexerasoftware.com/advisories/17615/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17770](https://secuniaresearch.flexerasoftware.com/advisories/17770/)\n[Secunia Advisory ID:17791](https://secuniaresearch.flexerasoftware.com/advisories/17791/)\n[Secunia Advisory ID:17538](https://secuniaresearch.flexerasoftware.com/advisories/17538/)\n[Secunia Advisory ID:17594](https://secuniaresearch.flexerasoftware.com/advisories/17594/)\n[Secunia Advisory ID:17710](https://secuniaresearch.flexerasoftware.com/advisories/17710/)\n[Secunia Advisory ID:17588](https://secuniaresearch.flexerasoftware.com/advisories/17588/)\n[Secunia Advisory ID:17562](https://secuniaresearch.flexerasoftware.com/advisories/17562/)\n[Secunia Advisory ID:17522](https://secuniaresearch.flexerasoftware.com/advisories/17522/)\n[Secunia Advisory ID:17592](https://secuniaresearch.flexerasoftware.com/advisories/17592/)\n[Secunia Advisory ID:17657](https://secuniaresearch.flexerasoftware.com/advisories/17657/)\n[Related OSVDB ID: 20840](https://vulners.com/osvdb/OSVDB:20840)\n[Related OSVDB ID: 20842](https://vulners.com/osvdb/OSVDB:20842)\nRedHat RHSA: RHSA-2005:811\nRedHat RHSA: RHSA-2005:810\nOther Advisory URL: http://www.debian.org/security/2005/dsa-911\nOther Advisory URL: http://www.debian.org/security/2005/dsa-913\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_65_gtk2.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml\n[CVE-2005-2975](https://vulners.com/cve/CVE-2005-2975)\n", "modified": "2005-11-15T14:18:50", "published": "2005-11-15T14:18:50", "href": "https://vulners.com/osvdb/OSVDB:20841", "id": "OSVDB:20841", "type": "osvdb", "title": "GTK+ GdkPixbuf XPM Image Processing Large Color Value DoS", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3186"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171073\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-216-1)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf)\nSecurity Tracker: 1015216\n[Secunia Advisory ID:17591](https://secuniaresearch.flexerasoftware.com/advisories/17591/)\n[Secunia Advisory ID:17615](https://secuniaresearch.flexerasoftware.com/advisories/17615/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17770](https://secuniaresearch.flexerasoftware.com/advisories/17770/)\n[Secunia Advisory ID:17791](https://secuniaresearch.flexerasoftware.com/advisories/17791/)\n[Secunia Advisory ID:17538](https://secuniaresearch.flexerasoftware.com/advisories/17538/)\n[Secunia Advisory ID:17594](https://secuniaresearch.flexerasoftware.com/advisories/17594/)\n[Secunia Advisory ID:17710](https://secuniaresearch.flexerasoftware.com/advisories/17710/)\n[Secunia Advisory ID:17588](https://secuniaresearch.flexerasoftware.com/advisories/17588/)\n[Secunia Advisory ID:17562](https://secuniaresearch.flexerasoftware.com/advisories/17562/)\n[Secunia Advisory ID:17522](https://secuniaresearch.flexerasoftware.com/advisories/17522/)\n[Secunia Advisory ID:17592](https://secuniaresearch.flexerasoftware.com/advisories/17592/)\n[Secunia Advisory ID:17657](https://secuniaresearch.flexerasoftware.com/advisories/17657/)\n[Secunia Advisory ID:18509](https://secuniaresearch.flexerasoftware.com/advisories/18509/)\n[Related OSVDB ID: 20841](https://vulners.com/osvdb/OSVDB:20841)\n[Related OSVDB ID: 20842](https://vulners.com/osvdb/OSVDB:20842)\nRedHat RHSA: RHSA-2005:811\nRedHat RHSA: RHSA-2005:810\nOther Advisory URL: http://www.debian.org/security/2005/dsa-911\nOther Advisory URL: http://www.debian.org/security/2005/dsa-913\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_65_gtk2.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0490.html\n[CVE-2005-3186](https://vulners.com/cve/CVE-2005-3186)\n", "modified": "2005-11-15T14:18:50", "published": "2005-11-15T14:18:50", "href": "https://vulners.com/osvdb/OSVDB:20840", "id": "OSVDB:20840", "type": "osvdb", "title": "GTK+ GdkPixbuf XPM Image Processing Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-3186"], "description": "Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability\r\n\r\niDEFENSE Security Advisory 11.15.05\r\nwww.idefense.com/application/poi/display?id=339&type=vulnerabilities\r\nNovember 15, 2005\r\n\r\nI. BACKGROUND\r\n\r\nGTK+ is a multi-platform toolkit for creating graphical user interfaces.\r\nOffering a complete set of widgets, GTK+ is suitable for projects\r\nranging from small one-off projects to complete application suites.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of heap overflow vulnerability in various vendors'\r\nimplementations of the GTK+ gdk-pixbuf XPM image rendering library could\r\nallow for arbitrary code execution.\r\n\r\nThe vulnerability specifically exists due to an integer overflow while\r\nprocessing XPM files. The following code snippet illustrates the\r\nvulnerability:\r\n\r\nif (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {\r\n g_set_error (error,\r\n GDK_PIXBUF_ERROR,\r\n GDK_PIXBUF_ERROR_CORRUPT_IMAGE,\r\n _("XPM file has invalid number of colors"));\r\n return NULL;\r\n }\r\n[...]\r\ncolors = (XPMColor *) g_try_malloc ((sizeof (XPMColor) * n_col));\r\n[...]\r\n\r\n\r\nThe validity check of n_col is enough to prevent an integer overflow in\r\nthe first g_try_malloc, however there is not a proper check for the\r\nsecond g_try_malloc, which allows an undersized heap buffer to be\r\nallocated, then overflowed while using n_col as an upper bounds in a\r\ncopying loop. This can be used to execute arbitrary code via traditional\r\nheap overflow 4 byte write methods or by overwriting adjacent areas of\r\nthe heap with important values such as function pointers.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could allow for arbitrary code execution in the context of\r\nthe user running the affected application. As this library is used in a\r\nvariety of applications, this vulnerability could be exploited either\r\nremotely, via a networked application or locally.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of this vulnerability in gtk+ 2.4.0\r\ncompiled from source. It is suspected that previous versions are also\r\naffected by this vulnerability. The following vendors include\r\nsusceptible GTK+ and GdkPixBuf packages within their respective\r\noperating system distributions:\r\n\r\n The Debian Project:\r\n Debian GNU/Linux 3.0 and 3.1 (all architectures)\r\n Mandriva (formerly Mandrakesoft):\r\n Mandriva Linux (formerly Mandrakelinux) 10.0 and 10.1,\r\n Corporate Server 3.0\r\n Novell Inc.:\r\n SuSE Linux 8.2, 9.0, 9.1 and 9.2\r\n Red Hat Inc.:\r\n Red Hat Enterprise Linux 2.1, 3, 4,\r\n Fedora Core 3, 4\r\n\r\nV. WORKAROUND\r\n\r\nUsers should not open untrusted media files.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nRed Hat Inc.:\r\n\r\n"This issue affects the gtk2 packages as shipped with Red Hat Enterprise\r\nLinux 3 and 4, and the gdk-pixbuf packages as shipped with Red Hat\r\nEnterprise Linux 2.1, 3, and 4. Updates to these packages are available\r\nat the URL below or by using the Red Hat Network up2date tool.\r\nhttp://rhn.redhat.com/errata/CVE-2005-3186.html\r\n\r\nThis issue affects the gtk2 and gdk-pixbuf packages as shipped with\r\nFedora Core 3 and 4."\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3186 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/12/2005 Initial vendor notification\r\n10/14/2005 Initial vendor response\r\n11/15/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\ninfamous41md is credited with the discovery of this vulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-11-16T00:00:00", "published": "2005-11-16T00:00:00", "id": "SECURITYVULNS:DOC:10246", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10246", "title": "iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}