CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
88.2%
CentOS Errata and Security Advisory CESA-2005:344
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.
A bug was found in the way gtk2 processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gtk2. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to
this issue.
Users of gtk2 are advised to upgrade to these packages, which contain
a backported patch and is not vulnerable to this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073683.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073684.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073687.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073688.html
Affected packages:
gtk2
gtk2-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:344
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | gtk2 | < 2.2.4-15 | gtk2-2.2.4-15.i386.rpm |
CentOS | 3 | i386 | gtk2-devel | < 2.2.4-15 | gtk2-devel-2.2.4-15.i386.rpm |
CentOS | 3 | i386 | gtk2 | < 2.2.4-15 | gtk2-2.2.4-15.i386.rpm |
CentOS | 3 | x86_64 | gtk2 | < 2.2.4-15 | gtk2-2.2.4-15.x86_64.rpm |
CentOS | 3 | x86_64 | gtk2-devel | < 2.2.4-15 | gtk2-devel-2.2.4-15.x86_64.rpm |
CentOS | 3 | s390 | gtk2 | < 2.2.4-15 | gtk2-2.2.4-15.s390.rpm |
CentOS | 3 | s390 | gtk2-devel | < 2.2.4-15 | gtk2-devel-2.2.4-15.s390.rpm |
CentOS | 3 | s390x | gtk2 | < 2.2.4-15 | gtk2-2.2.4-15.s390x.rpm |
CentOS | 3 | s390x | gtk2-devel | < 2.2.4-15 | gtk2-devel-2.2.4-15.s390x.rpm |
CentOS | 4 | i386 | gtk2 | < 2.4.13-14 | gtk2-2.4.13-14.i386.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
88.2%