Mandrake Linux Security Advisory : gdk-pixbuf/gtk+2 (MDKSA-2004:095-1)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was found in the gdk-pixbuf BMP loader where a bad BMP
image could send the BMP loader into an infinite loop (CVE-2004-0753).

Chris Evans found a heap-based overflow and a stack-based overflow in
the xpm loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783).

Chris Evans also discovered an integer overflow in the ico loader of
gdk-pixbuf (CVE-2004-0788).

All four problems have been corrected in these updated packages.

Update :

The previous package had an incorrect patch applied that would cause
some problems with other programs. The updated packages have the
correct patch applied.

As well, patched gtk+2 packages, which also contain gdk-pixbuf, are
now provided.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14751 (mandrake_MDKSA-2004-095.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788
