Mandrake Linux Security Advisory : gdk-pixbuf/gtk+2 (MDKSA-2004:095-1)

high Nessus Plugin ID 14751

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CVE-2004-0753).

Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783).

Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CVE-2004-0788).

All four problems have been corrected in these updated packages.

Update:

The previous package had an incorrect patch applied that would cause some problems with other programs. The updated packages have the correct patch applied.

As well, patched gtk+2 packages, which also contain gdk-pixbuf, are now provided.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 14751

File Name: mandrake_MDKSA-2004-095.nasl

Version: 1.20

Type: local

Published: 9/16/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gdk-pixbuf-loaders, p-cpe:/a:mandriva:linux:gtk%2b2.0, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-gnomecanvas1, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-xlib2, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2-devel, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:lib64gtk%2b-linuxfb-2.0_0, p-cpe:/a:mandriva:linux:lib64gtk%2b-linuxfb-2.0_0-devel, p-cpe:/a:mandriva:linux:lib64gtk%2b-x11-2.0_0, p-cpe:/a:mandriva:linux:lib64gtk%2b2.0_0, p-cpe:/a:mandriva:linux:lib64gtk%2b2.0_0-devel, p-cpe:/a:mandriva:linux:libgdk-pixbuf-gnomecanvas1, p-cpe:/a:mandriva:linux:libgdk-pixbuf-xlib2, p-cpe:/a:mandriva:linux:libgdk-pixbuf2, p-cpe:/a:mandriva:linux:libgdk-pixbuf2-devel, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:libgtk%2b-linuxfb-2.0_0, p-cpe:/a:mandriva:linux:libgtk%2b-linuxfb-2.0_0-devel, p-cpe:/a:mandriva:linux:libgtk%2b-x11-2.0_0, p-cpe:/a:mandriva:linux:libgtk%2b2.0_0, p-cpe:/a:mandriva:linux:libgtk%2b2.0_0-devel, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 9/17/2004

Reference Information

CVE: CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788

MDKSA: 2004:095-1