Detections
Analytics
Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:214)
high Nessus Plugin ID 20446
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. This allows an attacker to provide a carefully crafted XPM image which could possibly allow for arbitrary code execution in the context of the user viewing the image. (CVE-2005-3186)Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. (CVE-2005-2976)
Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. (CVE-2005-2975)
The gtk+2.0 library also contains the same gdk-pixbuf code with the same vulnerability.
The Corporate Server 2.1 packages have additional patches to address CVE-2004-0782,0783,0788 (additional XPM/ICO image issues), CVE-2004-0753 (BMP image issues) and CVE-2005-0891 (additional BMP issues). These were overlooked on this platform with earlier updates.
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 20446
File Name: mandrake_MDKSA-2005-214.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 1/15/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-xlib2, p-cpe:/a:mandriva:linux:gdk-pixbuf-loaders, p-cpe:/a:mandriva:linux:libgtk%2b2.0_0-devel, p-cpe:/a:mandriva:linux:libgdk-pixbuf2, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2-devel, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0, cpe:/o:mandriva:linux:2006, p-cpe:/a:mandriva:linux:libgdk-pixbuf2-devel, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2, p-cpe:/a:mandriva:linux:lib64gtk%2b2.0_0, p-cpe:/a:mandriva:linux:libgtk%2b2.0_0, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0, p-cpe:/a:mandriva:linux:libgtk%2b-x11-2.0_0, p-cpe:/a:mandriva:linux:libgdk-pixbuf-xlib2, p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0-devel, p-cpe:/a:mandriva:linux:lib64gtk%2b2.0_0-devel, p-cpe:/a:mandriva:linux:libgdk-pixbuf-gnomecanvas1, p-cpe:/a:mandriva:linux:lib64gtk%2b-x11-2.0_0, p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-gnomecanvas1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005, p-cpe:/a:mandriva:linux:gtk%2b2.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 11/18/2005
Reference Information
CVE: CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788, CVE-2005-0891, CVE-2005-2975, CVE-2005-2976, CVE-2005-3186
CWE: 119
MDKSA: 2005:214