A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code.
GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the GNOME desktop and other applications. GdkPixbuf contains a stack overflow vulnerability in the xpm_extract_color() function of the XPM loading routine.
By convincing the user to open a specially crafted XPM file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf. It may also be possible to execute arbitrary code with the permissions of that application.
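The note does not describe the flaw inside xpm_extract_color() in detail. The following added example, which is not GdkPixbuf's code, shows the general defensive pattern for this class of bug: pulling the colour value out of an XPM colour line into a fixed-size buffer and rejecting input that would not fit. The function name xpm_color_value(), its return codes and the sample lines are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* XPM colour keys: mono, symbolic, 4-level grey, grey, colour. */
static int is_key(const char *tok, size_t n)
{
    static const char *keys[] = { "m", "s", "g4", "g", "c" };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        if (strlen(keys[i]) == n && memcmp(tok, keys[i], n) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: copy the value of the "c" key from an XPM colour
 * line (pixel chars, then key/value pairs) into out[out_len]. Returns 0 on
 * success, -1 if there is no "c" value, -2 if the value would not fit. */
int xpm_color_value(const char *line, size_t cpp, char *out, size_t out_len)
{
    size_t used = 0;
    int in_c = 0;
    if (out_len == 0 || strlen(line) < cpp)
        return -1;
    out[0] = '\0';
    const char *p = line + cpp;          /* skip the cpp pixel characters */
    for (;;) {
        p += strspn(p, " \t");
        size_t n = strcspn(p, " \t");    /* length of the next word */
        if (n == 0)
            break;
        if (is_key(p, n)) {
            if (in_c)
                break;                   /* the next key ends the value */
            in_c = (n == 1 && *p == 'c');
        } else if (in_c) {
            size_t need = n + (used ? 1 : 0);   /* word plus separator */
            if (need >= out_len - used) {       /* no room for word + NUL */
                out[0] = '\0';
                return -2;               /* reject, never truncate or overrun */
            }
            if (used)
                out[used++] = ' ';
            memcpy(out + used, p, n);
            used += n;
            out[used] = '\0';
        }
        p += n;
    }
    return used ? 0 : -1;
}
```

Multi-word colour names are appended word by word, so the length check runs before every append rather than once per line.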
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.
Apple Computer Inc. Not Affected
Hitachi Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Will Dormann.
Date First Published: 2004-10-01
Date Last Updated: 2004-10-28 13:57 UTC