Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:214)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image
rendering library could allow an attacker who provides a carefully
crafted XPM image to execute arbitrary code in the context of the
user viewing the image. (CVE-2005-3186)

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. (CVE-2005-2976)

Ludwig Nussel also discovered an infinite-loop denial of service bug
in the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file
was opened by a victim. (CVE-2005-2975)

The gtk+2.0 library also contains the same gdk-pixbuf code with the
same vulnerability.

The Corporate Server 2.1 packages have additional patches to address
CVE-2004-0782, CVE-2004-0783 and CVE-2004-0788 (additional XPM/ICO
image issues), CVE-2004-0753 (BMP image issues) and CVE-2005-0891
(additional BMP issues). These were overlooked on this platform with
earlier updates.

The updated packages have been patched to correct these issues.
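
The following C sketch is an added example, not code from gdk-pixbuf
or from the advisory. It illustrates the general bug class named
above: size arithmetic on attacker-supplied XPM header values that
wraps and yields an undersized heap buffer. Assumptions: the standard
XPM values line "<width> <height> <ncolors> <chars_per_pixel>", 4
bytes per pixel, and the hypothetical names MAX_ALLOC, xpm_plan_alloc,
checked_pixel_bytes and unchecked_pixel_bytes32.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Policy ceiling for any single allocation (assumed value, not from the advisory). */
#define MAX_ALLOC ((size_t)1 << 28)

struct xpm_plan { size_t pixel_bytes; size_t color_name_bytes; };

/* Store a*b in *out only if the product stays within MAX_ALLOC, so it cannot wrap. */
static int mul_capped(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > MAX_ALLOC / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Parse the values line and size both buffers before anything is allocated.
 * Returns 1 on success, 0 for a malformed or oversized header. */
int xpm_plan_alloc(const char *values, struct xpm_plan *plan)
{
    long f[4];                 /* width, height, ncolors, chars_per_pixel */
    size_t pixels;
    char *end;

    for (int i = 0; i < 4; i++) {
        errno = 0;
        f[i] = strtol(values, &end, 10);
        if (end == values || errno == ERANGE || f[i] <= 0 || f[i] > INT_MAX)
            return 0;          /* missing, non-numeric, negative or out of range */
        values = end;
    }
    if (!mul_capped((size_t)f[0], (size_t)f[1], &pixels) ||
        !mul_capped(pixels, 4, &plan->pixel_bytes))   /* 4 bytes per pixel (assumed) */
        return 0;
    /* One NUL-terminated name of chars_per_pixel characters per colour entry. */
    return mul_capped((size_t)f[2], (size_t)f[3] + 1, &plan->color_name_bytes);
}

/* Convenience wrapper: pixel buffer size, or 0 if the header is rejected. */
size_t checked_pixel_bytes(const char *values)
{
    struct xpm_plan plan;
    return xpm_plan_alloc(values, &plan) ? plan.pixel_bytes : 0;
}

/* The failure mode: the same product in unchecked 32-bit arithmetic wraps. */
uint32_t unchecked_pixel_bytes32(uint32_t w, uint32_t h) { return w * h * 4u; }
```

With the constructed header "32768 32769 2 1" the unchecked 32-bit
product wraps to 131072 bytes, while the checked path rejects the
header before any allocation takes place.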

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20446 (mandrake_MDKSA-2005-214.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0753
CVE-2004-0782
CVE-2004-0783
CVE-2004-0788
CVE-2005-0891
CVE-2005-2975
CVE-2005-2976
CVE-2005-3186
