tags 339431 + patch
thanks

On Wed, Nov 16, 2005, Moritz Muehlenhoff wrote:
> An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> to overwrite the heap and exploit arbitrary code through crafted images.
> Please see
> www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> for more details.

Redhat's bug report for CVE-2005-3186 with a patch attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071>

Did you identify other packages with a copy of this code? In
particular, did you check Gtk 1?

The Redhat security advisory also fixes CVE-2005-2975, for which I see
no entry in the Debian changelog, could you please investigate on this
id and report whether gtk1 and gtk2 are affected for Debian?

Redhat's advisories:
<http://rhn.redhat.com/errata/RHSA-2005-810.html>
<http://rhn.redhat.com/errata/RHSA-2005-811.html>

Redhat bug for CVE-2005-2975 with two patches attached:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>

Cheers,
--
Loïc Minier <[EMAIL PROTECTED]>
"What do we want? BRAINS! When do we want it? BRAINS!"