Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:214: gdk-pixbuf Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the gdk-pixbuf package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:214 (gdk-pixbuf).
A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image rendering
library could allow for arbitrary code execution. An attacker could provide
a carefully crafted XPM image that could allow arbitrary code execution in
the context of the user viewing the image. (CVE-2005-3186)
Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with gdk-pixbuf to execute
arbitrary code or crash when the file was opened by a victim. (CVE-2005-2976)
Ludwig Nussel also discovered an infinite-loop denial of service bug in the way
gdk-pixbuf processes XPM images. An attacker could create a carefully crafted
XPM file in such a way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a victim.
(CVE-2005-2975)
The gtk+2.0 library also contains the same gdk-pixbuf code with the same
vulnerability.
The Corporate Server 2.1 packages have additional patches to address
CVE-2004-0782, CVE-2004-0783 and CVE-2004-0788 (additional XPM/ICO image
issues), CVE-2004-0753 (BMP image issues) and CVE-2005-0891 (additional BMP
issues). These were overlooked on this platform with earlier updates.
The updated packages have been patched to correct these issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:214
Threat Level: High