|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200511-14] GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities Vulnerability Scan
Vulnerability Scan Summary GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200511-14
(GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities)
iDEFENSE reported a possible heap overflow in the XPM loader
(CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two
additional issues in the XPM processing functions : an integer overflow
(CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop
(CVE-2005-2975).
Impact
Using a specially crafted XPM image a possible hacker could cause an
affected application to enter an infinite loop or trigger the
overflows, potentially allowing the execution of arbitrary code.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
Solution:
All GTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose x11-libs/gtk+
All GdkPixbuf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gdk-pixbuf-0.22.0-r5"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|