7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.305 Low
EPSS
Percentile
97.0%
A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition.
GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains a heap overflow vulnerability in the DoCompressed()
function of the BMP loading routine.
By convincing the user to open a specially crafted BMP file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf.
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.
Upgrade your version of gtk+
Upgrade your system as specified by your vendor. If you need to compile the software from the original source, get gtk+ 2.4.10.
825374
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: September 17, 2004 Updated: September 20, 2004
Affected
The stable Debian distribution (3.0 alias woody) is vulnerable to
several of these problems. The matrix below explains which version
fixes which problem.
| Gtk+2.0 gdk-pixbuf
------------------------+------------------------------------
VU#825374 CAN-2004-0753 | not vuln 0.17.0-2woody2
VU#729894 CAN-2004-0782 | 2.0.2-5woody2 0.17.0-2woody2
VU#369358 CAN-2004-0783 | 2.0.2-5woody2 not vuln
VU#577654 CAN-2004-0788 | 2.0.2-5woody2 0.17.0-2woody2
For the unstable distribution (sid) these problems have been fixed in
version 0.22.0-7 of gdk-pixbuf, and will be fixed soon in Gtk+2.0.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Affected
updated gtk2, gdk-pixbuf packages were already released.
These packages do not contain fixes for the remote denial-of-service
bug referenced by VU#825374 and CAN-2004-0753. This bug will be
fixed as soon as possible.
Our customers can update their systems by using the
YaST Online Update (YOU) tool or installing the RPM
file directly from <http://www.suse.de/en/private/download/updates/>
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: January 31, 2005
Not Affected
Mac OS X and Mac OS X Server do not contain the software described in this vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 28, 2004
Not Affected
HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
Notified: September 17, 2004 Updated: September 20, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23825374 Feedback>).
View all 35 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by the Red Hat Security Response Team.
This document was written by Will Dormann.
CVE IDs: | CVE-2004-0753 |
---|---|
Severity Metric: | 1.77 Date Public: |