Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Moritz Muehlenhoff jmm at inutil.org
Wed Nov 16 13:52:08 UTC 2005


Loic Minier wrote:
> > An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> > to overwrite the heap and exploit arbitrary code through crafted images.
> > Please see www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> > for more details.
> 
>  Did you identify other packages with a copy of this code?  In
>  particular, did you check Gtk 1?

gdk-pixbuf from GTK1 is affected by CVE-2005-3186; the vulnerable code is
present in io-xpm.c:359 

>  The Redhat security advisory also fixes CVE-2005-2975, for which I see
>  no entry in the Debian changelog, could you please investigate on this
>  id and report whether gtk1 and gtk2 are affected for Debian?
> 
>  Redhat's advisories:
>     <http://rhn.redhat.com/errata/RHSA-2005-810.html>
>     <http://rhn.redhat.com/errata/RHSA-2005-811.html>
> 
>  Redhat bug for CVE-2005-2975 with two patches attached:
>     <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>

This is all for sid:

gdk-pixbuf is vulnerable both to the integer overflow in the pixels calculation
(io-xpm.c:413) and to the endless loop DoS attack (io-xpm:284).

gtk+2.0 is not vulnerable to the integer overflow in pixels calculation,
as it allocates pixbuf through gdk_pixbuf_new(), but is vulnerable to the
endless loop DoS (io-xpm.c:1170).

Cheers,
        Moritz
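As an added illustration of the bug class discussed in this thread (constructed code, not gdk-pixbuf's io-xpm.c and not gdk_pixbuf_new()), the snippet below shows an XPM-style pixel-buffer size computed unchecked in 32-bit arithmetic next to a hardened version that rejects overflowing or out-of-range dimensions; the INT_MAX cap is an assumption standing in for int-typed length fields downstream.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Bytes per pixel assumed for the buffer (RGBA); constructed value. */
#define XPM_BPP 4u

/* Unchecked size computation in 32-bit unsigned arithmetic, for comparison:
 * a crafted header such as 46341 x 46341 wraps the product to 18532 bytes,
 * so a later write of the real pixel data runs past the allocation. */
uint32_t xpm_pixel_bytes_unchecked(int width, int height) {
    return (uint32_t)width * (uint32_t)height * XPM_BPP;
}

/* Hardened: refuse non-positive dimensions, any product that would overflow
 * size_t, and any size that does not fit an int (assumed downstream limit).
 * Returns the byte count, or 0 when the header must be rejected. */
size_t xpm_pixel_bytes_checked(int width, int height) {
    if (width <= 0 || height <= 0)
        return 0;
    size_t w = (size_t)width, h = (size_t)height;
    if (w > SIZE_MAX / h)               /* w * h would overflow */
        return 0;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / XPM_BPP)    /* pixels * bpp would overflow */
        return 0;
    size_t bytes = pixels * XPM_BPP;
    if (bytes > (size_t)INT_MAX)        /* too large for int-typed lengths */
        return 0;
    return bytes;
}

/* Allocate the pixel buffer only when the size check passes; the caller
 * treats NULL as "malformed image", never as "use a smaller buffer". */
unsigned char *xpm_alloc_pixels(int width, int height) {
    size_t n = xpm_pixel_bytes_checked(width, height);
    if (n == 0)
        return NULL;
    return calloc(n, 1);
}
```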