|
Family: Fedora Local Security Checks --> Category: infos
Fedora Core 4 2005-1085: gdk-pixbuf Vulnerability Scan
Vulnerability Scan Summary Check for the version of the gdk-pixbuf package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2005-1085 (gdk-pixbuf).
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
Update Information:
The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes XPM images.
A possible hacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. A possible hacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.
Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.
Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|