Several vulnerabilities have been found in gdk-pixbuf, the Gtk+
GdkPixBuf XPM image rendering library. The Common Vulnerabilities and
Exposures project identifies the following problems:
- CVE-2005-2975
  Ludwig Nussel discovered an infinite loop when processing XPM
  images that allows an attacker to cause a denial of service via a
  specially crafted XPM file.
- CVE-2005-2976
  Ludwig Nussel discovered an integer overflow in the way XPM images
  are processed that could lead to the execution of arbitrary code
  or crash the application via a specially crafted XPM file.
- CVE-2005-3186
  “infamous41md” discovered an integer overflow in the XPM processing
  routine that can be used to execute arbitrary code via a traditional
  heap overflow.
The following matrix explains which versions fix these problems:

| | old stable (woody) | stable (sarge) | unstable (sid) |
|---|---|---|---|
| gdk-pixbuf | 0.17.0-2woody3 | 0.22.0-8.1 | 0.22.0-11 |
| gtk+2.0 | 2.0.2-5woody3 | 2.6.4-3.1 | 2.6.10-2 |

We recommend that you upgrade your gdk-pixbuf packages.