[Bug 19702] CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
bugzilla-daemon at bugzilla.ubuntu.com
Wed Nov 16 15:52:06 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=19702
Ubuntu | gtk+2.0
------- Additional Comments From debzilla at ubuntu.com 2005-11-16 15:52 UTC -------
Message-ID: <20051116135207.GA28754 at informatik.uni-bremen.de>
Date: Wed, 16 Nov 2005 14:52:08 +0100
From: Moritz Muehlenhoff <jmm at inutil.org>
To: Loic Minier <lool at dooz.org>
Cc: 339431 at bugs.debian.org
Subject: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Loic Minier wrote:
> > An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> > to overwrite the heap and exploit arbitrary code through crafted images.
> > Please see www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> > for more details.
>
> Did you identify other packages with a copy of this code? In
> particular, did you check Gtk 1?
gdk-pixbuf from GTK1 is affected by CVE-2005-3186; the vulnerable code is
present in io-xpm.c:359
> The Redhat security advisory also fixes CVE-2005-2975, for which I see
> no entry in the Debian changelog, could you please investigate on this
> id and report whether gtk1 and gtk2 are affected for Debian?
>
> Redhat's advisories:
> <http://rhn.redhat.com/errata/RHSA-2005-810.html>
> <http://rhn.redhat.com/errata/RHSA-2005-811.html>
>
> Redhat bug for CVE-2005-2975 with two patches attached:
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>
This is all for sid:
gdk-pixbuf is both vulnerable to the integer overflow in pixels calculation
(io-xpm.c:413), as to the endless loop DoS attack (io-xpm:284).
gtk+2.0 is not vulnerable to the integer overflow in pixels calculation,
as it allocates pixbuf through gdk_pixbuf_new(), but is vulnerable to the
endless loop DoS (io-xpm.c:1170).
Cheers,
Moritz
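
The message above distinguishes a loader that computes its pixel buffer size itself from one that allocates through gdk_pixbuf_new(). The following is an added illustration of that class of bug, not code from gdk-pixbuf or from this thread: it contrasts an unchecked 32-bit size computation with a checked one. The function names and the sample dimensions are hypothetical and constructed for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: width * height * channels in 32-bit arithmetic.
 * uint32_t is used so the wraparound is well defined for the demo. */
static uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t channels)
{
    return w * h * channels;
}

/* Checked pattern: refuse before any multiplication could exceed INT_MAX.
 * Returns 0 and stores the size on success, -1 on bad or oversized input. */
static int pixel_bytes_checked(int w, int h, int channels, size_t *out)
{
    if (w <= 0 || h <= 0 || channels <= 0)
        return -1;
    if (w > INT_MAX / channels)
        return -1;
    int rowstride = w * channels;
    if (h > INT_MAX / rowstride)
        return -1;
    *out = (size_t)rowstride * (size_t)h;
    return 0;
}

/* Allocate a pixel buffer only when the size computation is sound. */
static unsigned char *alloc_pixels(int w, int h, int channels)
{
    size_t n;
    if (pixel_bytes_checked(w, h, channels, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header dimensions, not taken from any real file. */
    int w = 65536, h = 16385, ch = 4;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)pixel_bytes_unchecked(w, h, ch));
    printf("checked:   %s\n", pixel_bytes_checked(w, h, ch, &n) ? "rejected" : "ok");
    unsigned char *p = alloc_pixels(100, 50, 3);
    printf("100x50x3:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the constructed dimensions the unchecked product wraps to a buffer far smaller than the image the header describes, while the checked path rejects the header before allocating.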