Loic Minier wrote:
> > An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
> > to overwrite the heap and exploit arbitrary code through crafted images.
> > Please see
> > www.idefense.com/application/poi/display?id=339&type=vulnerabilities
> > for more details.
>
> Did you identify other packages with a copy of this code? In
> particular, did you check Gtk 1?

gdk-pixbuf from GTK1 is affected by CVE-2005-3186; the vulnerable code is
present in io-xpm.c:359

> The Redhat security advisory also fixes CVE-2005-2975, for which I see
> no entry in the Debian changelog, could you please investigate on this
> id and report whether gtk1 and gtk2 are affected for Debian?
>
> Redhat's advisories:
> <http://rhn.redhat.com/errata/RHSA-2005-810.html>
> <http://rhn.redhat.com/errata/RHSA-2005-811.html>
>
> Redhat bug for CVE-2005-2975 with two patches attached:
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900>

This is all for sid:

gdk-pixbuf is both vulnerable to the integer overflow in pixels
calculation (io-xpm.c:413), as to the endless loop DoS attack (io-xpm:284).

gtk+2.0 is not vulnerable to the integer overflow in pixels calculation,
as it allocates pixbuf through gdk_pixbuf_new(), but is vulnerable to
the endless loop DoS (io-xpm.c:1170).

Cheers,
Moritz
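The difference the message draws between an unchecked pixel-size calculation and an allocation routed through a checking constructor can be shown in a few lines. This is an added example, not code from the thread or from gdk-pixbuf; the function names, the 4-channel layout, the 32-bit arithmetic and the header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CHANNELS 4u /* RGBA, assumed for this example */

/* Unchecked pattern: the 32-bit product wraps silently, so the buffer can
 * be far smaller than the w*h pixels a decoder would go on to write. */
static uint32_t unchecked_size(uint32_t w, uint32_t h)
{
    return w * h * CHANNELS;
}

/* Checked pattern: test each multiplication against the type's limit
 * before performing it. Returns 1 and stores the size, or 0 on rejection. */
static int checked_size(uint32_t w, uint32_t h, uint32_t *bytes)
{
    uint32_t rowstride;

    if (w == 0 || h == 0)
        return 0;
    if (w > UINT32_MAX / CHANNELS)   /* w * CHANNELS would wrap */
        return 0;
    rowstride = w * CHANNELS;
    if (h > UINT32_MAX / rowstride)  /* rowstride * h would wrap */
        return 0;
    *bytes = rowstride * h;
    return 1;
}

/* Hypothetical allocator wrapper: every caller gets the check for free. */
static unsigned char *alloc_pixels(uint32_t w, uint32_t h)
{
    uint32_t bytes;

    if (!checked_size(w, h, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed header values: the true size is 2^32 + 2^17 bytes. */
    uint32_t w = 32768, h = 32769;
    unsigned char *p = alloc_pixels(w, h);

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h));
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With these dimensions the unchecked product wraps to 131072 bytes, while the checked path refuses the image before any buffer exists.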