Detections
Analytics
Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities
high Nessus Plugin ID 22779
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.
- CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.
- CVE-2005-3186 'infamous41md' discovered an integer in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.
Solution
Upgrade the gdk-pixbuf packages.The following matrix explains which versions fix these problems :
old stable (woody) stable (sarge) unstable (sid) gdk-pixbuf 0.17.0-2woody3 0.22.0-8.1 0.22.0-11 gtk+2.0 2.0.2-5woody3 2.6.4-3.1 2.6.10-2
See Also
Plugin Details
Severity: High
ID: 22779
File Name: debian_DSA-913.nasl
Version: 1.20
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 10/14/2006
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:gdk-pixbuf, cpe:/o:debian:debian_linux:3.1
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 12/1/2005
Vulnerability Publication Date: 11/15/2005
Reference Information
CVE: CVE-2005-2975, CVE-2005-2976, CVE-2005-3186
BID: 15428
DSA: 913