OSV:DSA-913-1
Dec 01, 2005 - 12:00 a.m.

gdk-pixbuf - several

Source: Google (osv.dev)

CVSS2: 7.8 High

  Access Vector:           NETWORK
  Access Complexity:       LOW
  Authentication:          NONE
  Confidentiality Impact:  NONE
  Integrity Impact:        NONE
  Availability Impact:     COMPLETE

  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Several vulnerabilities have been found in gdk-pixbuf, the Gtk+
GdkPixBuf XPM image rendering library. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2005-2975
    Ludwig Nussel discovered an infinite loop when processing XPM
    images that allows an attacker to cause a denial of service via a
    specially crafted XPM file.
  • CVE-2005-2976
    Ludwig Nussel discovered an integer overflow in the way XPM images
    are processed that could lead to the execution of arbitrary code
    or crash the application via a specially crafted XPM file.
  • CVE-2005-3186
    “infamous41md” discovered an integer overflow in the XPM
    processing routine that can be used to execute arbitrary code via
    a traditional heap overflow.

The following matrix explains which versions fix these problems:

             old stable (woody)   stable (sarge)   unstable (sid)
gdk-pixbuf   0.17.0-2woody3       0.22.0-8.1       0.22.0-11
gtk+2.0      2.0.2-5woody3        2.6.4-3.1        2.6.10-2

We recommend that you upgrade your gdk-pixbuf packages.

CPE Name     Operator   Version
gdk-pixbuf   eq         0.22.0-8
