Lucene search
SuseSUSE-SA:2004:033HistorySep 17, 2004 - 10:02 a.m.
remote code execution in gtk2, gdk-pixbuf
2004-09-1710:02:50
lists.opensuse.org
17
0.964 High
EPSS
Percentile
99.6%
gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in the XPM and ICO loaders of those libraries. The overflows can be exploited by tricking an application to display a malformed image to make it crash or to execute code.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | x86_64 | gtk2 | < 2.2.3-54 | gtk2-2.2.3-54.x86_64.rpm |
| openSUSE | 9.1 | i586 | gtk2 | < 2.2.4-125.4 | gtk2-2.2.4-125.4.i586.rpm |
| openSUSE | 8.1 | i586 | gdk-pixbuf | < 0.18.0-609 | gdk-pixbuf-0.18.0-609.i586.rpm |
| openSUSE | 8.2 | i586 | gdk-pixbuf | < 0.18.0-609 | gdk-pixbuf-0.18.0-609.i586.rpm |
| openSUSE | 9.0 | x86_64 | gdk-pixbuf | < 0.18.0-610 | gdk-pixbuf-0.18.0-610.x86_64.rpm |
| openSUSE | 9.0 | i586 | gtk2 | < 2.2.3-54 | gtk2-2.2.3-54.i586.rpm |
| openSUSE | 9.1 | x86_64 | gtk2 | < 2.2.4-125.4 | gtk2-2.2.4-125.4.x86_64.rpm |
| openSUSE | 9.1 | i586 | gdk-pixbuf | < 0.22.0-62.7 | gdk-pixbuf-0.22.0-62.7.i586.rpm |
| openSUSE | 9.1 | x86_64 | gdk-pixbuf | < 0.22.0-62.7 | gdk-pixbuf-0.22.0-62.7.x86_64.rpm |
| openSUSE | 9.0 | i586 | gdk-pixbuf | < 0.18.0-610 | gdk-pixbuf-0.18.0-610.i586.rpm |
Related
suse
suse
remote denial-of-service in apache2
2004-09-15 15:46:39
remote command execution in XFree86-libs, xshared
2004-09-17 13:37:17
remote DoS condition in apache2
2004-09-06 13:51:41
openvas
openvas
SLES9: Security update for Mozilla
2009-10-10 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Slackware Advisory SSA:2004-223-01 Mozilla
2012-09-11 00:00:00
nessus
nessus
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)
2004-08-22 00:00:00
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12
[slackware-security] gaim
2004-08-27 02:48:11
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
(RHSA-2004:400) gaim security update
2004-09-07 00:00:00
(RHSA-2004:447) gdk-pixbuf security update
2004-09-15 00:00:00
freebsd
freebsd
gdk-pixbuf -- image decoding vulnerabilities
2004-09-15 00:00:00
gaim -- multiple buffer overflows
2004-08-26 00:00:00
mozilla -- automated file upload
2004-04-28 00:00:00
osv
osv
gtk+2.0 - multiple holes
2004-09-17 00:00:00
gdk-pixbuf - several vulnerabilities
2004-09-16 00:00:00
debian
debian
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
[SECURITY] [DSA 549-1] New gtk+2.0 packages fix several vulnerabilities
2004-09-17 09:25:18
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities
2004-09-16 09:02:33
gentoo
gentoo
Gaim: New vulnerabilities
2004-08-27 00:00:00
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
2004-09-21 00:00:00
cert
cert
GdkPixbuf BMP parser may enter an infinite loop
2004-10-01 00:00:00
GdkPixbuf XPM parser contains a heap overflow vulnerability
2004-10-01 00:00:00
Mozilla contains a buffer overflow in the SendUidl() function
2004-08-20 00:00:00
securityvulns
securityvulns
CESA-2004-004: libXpm
2004-09-16 00:00:00
CESA-2004-005: gtk+ XPM decoder
2004-09-16 00:00:00
cve
cve
cvelist
cvelist
nvd
nvd
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Mozilla SOAPParameter Integer Overflow (CVE-2004-0722)
2010-03-15 00:00:00
CVS File Existence Information Disclosure (CVE-2004-0788)
2009-10-14 00:00:00
Mozilla Firefox onunload SSL Certificate Spoofing (CVE-2004-0763)
2009-11-19 00:00:00
debiancve
debiancve
CVE-2004-0832
2004-11-03 05:00:00
CVE-2004-0788
2004-10-20 04:00:00