GdkPixbuf pixbuf_create_from_xpm Local Overflow

2004-09-15T00:00:00
ID OSVDB:9997
Type osvdb
Reporter Chris Evans(chris@scary.beasts.org)
Modified 2004-09-15T00:00:00

Description

Vulnerability Description

A remote overflow exists in GdkPixbuf. The pixbuf_create_from_xpm function (in io-xpm.c) fails to sanitise input read from the .xpm file, resulting in a heap overflow. With a specially crafted .xpm file, an attacker can cause execution of arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to the unaffected package version for your operating system, or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor URL: http://www.gtk.org/
Vendor Specific Solution URL: http://www.debian.org/security/2004/dsa-546
Vendor Specific Advisory URL
Security Tracker: 1011285
Secunia Advisory ID: 12543
Secunia Advisory ID: 12615
Secunia Advisory ID: 12564
Secunia Advisory ID: 12568
Secunia Advisory ID: 12548
Secunia Advisory ID: 12542
Secunia Advisory ID: 12551
Secunia Advisory ID: 12545
Secunia Advisory ID: 12550
Secunia Advisory ID: 13395
Secunia Advisory ID: 17657
Related OSVDB ID: 9996
Related OSVDB ID: 9999
Related OSVDB ID: 9998
RedHat RHSA: RHSA-2004:466
RedHat RHSA: RHSA-2004:447
Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109528994916275&w=2
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-28.xml
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:095
Other Advisory URL: http://scary.beasts.org/security/CESA-2004-005.txt
Other Advisory URL: http://www.debian.org/security/2004/dsa-546
Other Advisory URL: http://www.suse.de/de/security/2004_03_sr.html
Other Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214
ISS X-Force ID: 17386
Generic Informational URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130711
Generic Informational URL: http://bugzilla.gnome.org/show_bug.cgi?id=150601
Generic Exploit URL: http://scary.beasts.org/misc/gdk1.xpm
CVE ID: CVE-2004-0782