Vulnerability Name: CVE-2004-0782 (CCN-17385)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2018-10-19
Summary: Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. Note: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2004-0782
- Source: CONECTIVA Type: UNKNOWN CLA-2004:875
- Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:875 Fixes for image loading vulnerabilities
- Source: BUGTRAQ Type: UNKNOWN 20040915 CESA-2004-005: gtk+ XPM decoder
- Source: CCN Type: RHSA-2004-447 gdk-pixbuf security update
- Source: CCN Type: RHSA-2004-466 gtk2 security update
- Source: CCN Type: Scary Beasts Security Advisory CESA-2004-005 gtk+-2.4.4 XPM image decoder parsing flaws
- Source: MISC Type: UNKNOWN http://scary.beasts.org/security/CESA-2004-005.txt
- Source: SECUNIA Type: UNKNOWN 17657
- Source: SUNALERT Type: UNKNOWN 101776
- Source: CCN Type: CIAC Information Bulletin 0-216 "gtk2" Package Vulnerability
- Source: CCN Type: CIAC Information Bulletin 0-217 "gdk-pixbuf" Package vulnerability
- Source: DEBIAN Type: UNKNOWN DSA-546
- Source: DEBIAN Type: DSA-546 gdk-pixbuf -- several vulnerabilities
- Source: DEBIAN Type: DSA-549 gtk+ -- several vulnerabilities
- Source: CCN Type: GLSA-200409-28 GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
- Source: CCN Type: GTK+ Web site GTK+ - The GIMP Toolkit
- Source: CCN Type: US-CERT VU#729894 GdkPixbuf XPM parser contains a heap overflow vulnerability
- Source: CERT-VN Type: US Government Resource VU#729894
- Source: MANDRAKE Type: UNKNOWN MDKSA-2004:095
- Source: MANDRIVA Type: UNKNOWN MDKSA-2005:214
- Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:447
- Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:466
- Source: FEDORA Type: UNKNOWN FLSA-2005:155510
- Source: BID Type: UNKNOWN 11195
- Source: CCN Type: BID-11195 GDK-Pixbuf Multiple Vulnerabilities
- Source: FEDORA Type: UNKNOWN FLSA:2005
- Source: XF Type: UNKNOWN gtk-xpm-xpmextractcolor-bo(17385)
- Source: XF Type: UNKNOWN gtk-xpm-pixbufcreatefromxpm-bo(17386)
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11539
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1617
- Source: SUSE Type: SUSE-SA:2004:032 apache2: remote denial-of-service
- Source: SUSE Type: SUSE-SA:2004:033 gtk2 gdk-pixbuf: remote code execution
- Source: SUSE Type: SUSE-SR:2004:003 SUSE Security Summary Report

Vulnerable Configuration: Configuration 1: Configuration RedHat 1:

Vulnerability Name: CVE-2004-0782 (CCN-17386)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2004-09-15
Summary: Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. Note: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2004-0782
- Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:875 Fixes for image loading vulnerabilities
- Source: CCN Type: RHSA-2004-447 gdk-pixbuf security update
- Source: CCN Type: RHSA-2004-466 gtk2 security update
- Source: CCN Type: CIAC Information Bulletin 0-216 "gtk2" Package Vulnerability
- Source: CCN Type: CIAC Information Bulletin 0-217 "gdk-pixbuf" Package vulnerability
- Source: DEBIAN Type: DSA-546 gdk-pixbuf -- several vulnerabilities
- Source: DEBIAN Type: DSA-549 gtk+ -- several vulnerabilities
- Source: CCN Type: GLSA-200409-28 GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
- Source: CCN Type: GTK+ Web site GTK+ - The GIMP Toolkit
- Source: CCN Type: US-CERT VU#729894 GdkPixbuf XPM parser contains a heap overflow vulnerability
- Source: CCN Type: BID-11195 GDK-Pixbuf Multiple Vulnerabilities
- Source: XF Type: UNKNOWN gtk-xpm-pixbufcreatefromxpm-bo(17386)
- Source: SUSE Type: SUSE-SA:2004:032 apache2: remote denial-of-service
- Source: SUSE Type: SUSE-SA:2004:033 gtk2 gdk-pixbuf: remote code execution
- Source: SUSE Type: SUSE-SR:2004:003 SUSE Security Summary Report

Vulnerable Configuration: Configuration RedHat 1: Configuration CCN 1: