Updated cups packages fix security vulnerabilities

The updated packages fix security vulnerabilities and a regression with GTK+ apps caused by the fix for CVE-2025-58436: OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack. CVE-2025-58436 OpenPrinting CUPS vulnerable to stack based out-of-bound write. CVE-2025-61915...

[SECURITY] Fedora 41 Update: gdk-pixbuf2-2.42.12-9.fc41

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

CVE-2017-1000121

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products...

MGASA-2016-0069 Updated gtk+2.0 packages fix CVE-2013-7447

Updated gtk+2.0 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdkcairosetsourcepixbuf, leading to a crash of the app that called it, for example, eom CVE-2013-7447...

UBUNTU-CVE-2014-1949

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...

MGASA-2014-0374 Updated gtk+3.0 packages fix CVE-2014-1949

Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...

PT-2011-1768 · Gtk+ Team · Gtk+

Name of the Vulnerable Software and Affected Versions: GTK+ versions prior to 2.24.0 Description: The issue is related to an untrusted search path vulnerability in the modules/engines/ms-windows/xp theme.c module. This allows local users to gain privileges via a Trojan horse uxtheme.dll file in t...

GTK+ may insecurely load dynamic libraries

Overview GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...

DEBIAN-CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDKWINDOWFOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an...

security flaw

The GdkPixbufLoader function in GIMP ToolKit GTK+ in GTK 2 gtk2 before 2.4.13 allows context-dependent attackers to cause a denial of service crash via a malformed image file...

security flaw

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow...

security flaw

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. dot dot sequences in filenames returned from a LIST command...

DEBIAN-CVE-2005-0372

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. dot dot sequences in filenames returned from a LIST command...

DEBIAN-CVE-2004-0783

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

GdkPixbuf XPM parser contains a stack overflow vulnerability

Overview A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...

CESA-2004-005: gtk+ XPM decoder

CESA-2004-005 - rev 1 http://scary.beasts.org/security/CESA-2004-005.txt gtk+-2.4.4 XPM image decoder parsing flaws ========================================== Programs: gtk+, and any programs which use gtk+ to decode XPM files. For example, Evolution. Severity: Compromise of account used to brows...

security flaw

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

security flaw

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

security flaw

Stack-based buffer overflow in xpmextractcolor io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

PT-2005-5561 · Gentoo +4 · Gentoo Linux +11

Name of the Vulnerable Software and Affected Versions: gdk-pixbuf-gnome version 0.22.0 gtk2 versions prior to 2.8.7 gdk-pixbuf-devel version 0.22.0 libgtk-common affected versions not specified libgtk2.0-dbg affected versions not specified gtk2-devel affected versions not specified gtk2-doc...