Vulnerability Note VU#729894
GdkPixbuf XPM parser contains a heap overflow vulnerability
A heap overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code.
GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains a heap overflow vulnerability in the pixbuf_create_from_xpm() function of the XPM loading routine.
By convincing the user to open a specially crafted XPM file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf. It may also be possible to execute arbitrary code with the permissions of that application.
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.
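A defensive pattern for this class of bug, as an added example that is neither GdkPixbuf code nor a vendor patch: validate the four numbers on an XPM values line and check every size computation before allocating. This note does not describe the root cause, so the caps, the struct and function names, and the two buffer layouts are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical caps for this example; not values taken from GdkPixbuf. */
#define XPM_MAX_DIM    32767u
#define XPM_MAX_COLORS 65536u
#define XPM_MAX_CPP    31u
struct xpm_header { size_t width, height, ncolors, cpp; };

/* Store a*b in *out; return -1 instead of letting the product wrap size_t. */
static int mul_ok(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Read one decimal field in 1..max; a leading sign, junk or ERANGE fails. */
static int read_field(const char **p, unsigned long max, size_t *out) {
    char *end;
    while (**p == ' ' || **p == '\t') (*p)++;
    if (**p < '0' || **p > '9') return -1;  /* strtoul alone would accept "-1" */
    errno = 0;
    unsigned long v = strtoul(*p, &end, 10);
    if (errno == ERANGE || v == 0 || v > max) return -1;
    *p = end;
    *out = (size_t)v;
    return 0;
}

/* Validate "<width> <height> <ncolors> <chars_per_pixel>" and compute the
 * buffer sizes. Returns 0 only when both sizes are safe to allocate. */
int xpm_check_header(const char *values, struct xpm_header *h,
                     size_t *color_bytes, size_t *pixel_bytes) {
    const char *p = values;
    size_t pixels;
    if (read_field(&p, XPM_MAX_DIM, &h->width) || read_field(&p, XPM_MAX_DIM, &h->height) ||
        read_field(&p, XPM_MAX_COLORS, &h->ncolors) || read_field(&p, XPM_MAX_CPP, &h->cpp))
        return -1;
    /* Assumed layouts: ncolors keys of cpp+1 bytes each, and an RGBA pixel buffer. */
    if (mul_ok(h->ncolors, h->cpp + 1, color_bytes)) return -1;
    if (mul_ok(h->width, h->height, &pixels)) return -1;
    return mul_ok(pixels, 4, pixel_bytes);
}

int main(void) {
    struct xpm_header h; size_t c, px;
    const char *samples[] = { "16 16 4 1", "16 16 -1 1", "16 16 4294967295 2" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-20s -> %s\n", samples[i], xpm_check_header(samples[i], &h, &c, &px) ? "reject" : "ok");
    return 0;
}
```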
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 17 Sep 2004 | 20 Sep 2004 |
| SuSE Inc. | Affected | 17 Sep 2004 | 20 Sep 2004 |
| Apple Computer Inc. | Not Affected | 17 Sep 2004 | 31 Jan 2005 |
| Hitachi | Not Affected | 17 Sep 2004 | 28 Sep 2004 |
| BSDI | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| Conectiva | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| Cray Inc. | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| EMC Corporation | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| Engarde | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| FreeBSD | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| Fujitsu | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| Hewlett-Packard Company | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| IBM | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| IBM-zSeries | Unknown | 17 Sep 2004 | 20 Sep 2004 |
| IBM eServer | Unknown | 17 Sep 2004 | 20 Sep 2004 |
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CAN-2004-0782
- Date Public: 15 Sep 2004
- Date First Published: 01 Oct 2004
- Date Last Updated: 01 Nov 2004
- Severity Metric: 8.86
- Document Revision: 9