CVE-2004-0904

CVE-2004-0904 : Integer overflow in the BMP decoder can trigger heap-based buffer overflows, enabling remote code execution. Affected products are Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. Remediation is to apply fixes/updates released after the...

CVE-2004-0904

Integer overflow in the bitmap BMP decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows...

CVE-2004-0782

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

CVE-2004-0788

Integer overflow in the ICO image decoder for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted ICO file...

CVE-2004-0782

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

CVE-2004-0788

Integer overflow in the ICO image decoder for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted ICO file...

CVE-2004-0783

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVE-2004-0783

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVE-2004-1379

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a 1 DVD or 2 MPEG subpicture header where the second field reuses RLE data from the end of the first field...

CESA-2004-005: gtk+ XPM decoder

CESA-2004-005 - rev 1 http://scary.beasts.org/security/CESA-2004-005.txt gtk+-2.4.4 XPM image decoder parsing flaws ========================================== Programs: gtk+, and any programs which use gtk+ to decode XPM files. For example, Evolution. Severity: Compromise of account used to brows...

security flaw

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

security flaw

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

security flaw

Integer overflow in the ICO image decoder for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted ICO file...

Important: Red Hat Security Advisory: gdk-pixbuf security update

Updated gdk-pixbuf packages that fix several security flaws are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Updated 15th September 2004 Packages have been updated to correct a bug which caused the xpm loader to fail. During...

security flaw

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

RHEL 3 : gtk2 (RHSA-2004:466)

Updated gtk2 packages that fix several security flaws and bugs are now available. The gtk2 package contains the GIMP ToolKit GTK+, a library for creating graphical user interfaces for the X Window System. During testing of a previously fixed flaw in Qt CVE-2004-0691, a flaw was discovered in the...

RHEL 2.1 / 3 : gdk-pixbuf (RHSA-2004:447)

Updated gdk-pixbuf packages that fix several security flaws are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Updated 15th September 2004 Packages have been updated to correct a bug which caused the xpm loader to fail. During...

mozilla -- BMP decoder vulnerabilities

Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution...

CVE-2004-0644

The asn1bufskiptail function in the ASN.1 decoder library for MIT Kerberos 5 krb5 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service infinite loop via a certain BER encoding...

CVE-2004-0644

The asn1bufskiptail function in the ASN.1 decoder library for MIT Kerberos 5 krb5 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service infinite loop via a certain BER encoding...