Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Loic Minier
lool at dooz.org
Wed Nov 16 12:45:13 UTC 2005
tags 339431 + patch
thanks
On Wed, Nov 16, 2005, Moritz Muehlenhoff wrote:
> An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> to overwrite the heap and exploit arbitrary code through crafted images.
> Please see www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> for more details.
Redhat's bug report for CVE-2005-3186 with a patch attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071>
Did you identify other packages with a copy of this code? In
particular, did you check Gtk 1?
The Redhat security advisory also fixes CVE-2005-2975, for which I see
no entry in the Debian changelog, could you please investifate on this
id and report whether gtk1 and gtk2 are affected for Debian?
Redhat's advisories:
<http://rhn.redhat.com/errata/RHSA-2005-810.html>
<http://rhn.redhat.com/errata/RHSA-2005-811.html>
Redhat bug for CVE-2005-2975 with two patches attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>
Cheers,
--
Loïc Minier <lool at dooz.org>
"What do we want? BRAINS! When do we want it? BRAINS!"
More information about the Pkg-gnome-maintainers
mailing list