Vulnerability Name: CVE-2005-2975 (CCN-23097)
Assigned: 2005-11-15
Published: 2005-11-15
Updated: 2018-10-19
Summary: io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CCN Type: ftp.gtk.org Web site FTP directory /pub/gtk/v2.8/ at ftp.gtk.org
Source: CCN Type: Neohapsis BugTraq Message #0218 [USN-216-1] GDK vulnerabilities
Source: MITRE Type: CNA CVE-2005-2975
Source: CCN Type: RHSA-2005-810 gdk-pixbuf security update
Source: CCN Type: RHSA-2005-811 gtk2 security update
Source: CCN Type: SA17522 GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 17522
Source: SECUNIA Type: Vendor Advisory 17538
Source: SECUNIA Type: Vendor Advisory 17562
Source: SECUNIA Type: Vendor Advisory 17588
Source: SECUNIA Type: Vendor Advisory 17591
Source: SECUNIA Type: UNKNOWN 17592
Source: SECUNIA Type: Vendor Advisory 17594
Source: SECUNIA Type: Vendor Advisory 17615
Source: SECUNIA Type: Vendor Advisory 17657
Source: CCN Type: SA17710 Avaya Products GdkPixbuf XPM Image Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 17710
Source: SECUNIA Type: Vendor Advisory 17770
Source: SECUNIA Type: Vendor Advisory 17791
Source: CCN Type: SECTRACK ID: 1015216 gdk-pixbuf Bugs in Processing XPM Images Let Remote Users Deny Service or Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015216
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
Source: DEBIAN Type: UNKNOWN DSA-911
Source: DEBIAN Type: UNKNOWN DSA-913
Source: DEBIAN Type: DSA-911 gtk+2.0 -- several vulnerabilities
Source: DEBIAN Type: DSA-913 gdk-pixbuf -- several vulnerabilities
Source: CCN Type: GLSA-200511-14 GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200511-14
Source: CCN Type: iDEFENSE Security Advisory 11.15.05 Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerabilit
Source: MANDRIVA Type: UNKNOWN MDKSA-2005:214
Source: SUSE Type: UNKNOWN SUSE-SA:2005:065
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:810
Source: REDHAT Type: UNKNOWN RHSA-2005:811
Source: FEDORA Type: UNKNOWN FLSA:173274
Source: BID Type: UNKNOWN 15429
Source: CCN Type: BID-15429 GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
Source: CCN Type: TLSA-2005-99 Two vulnerabilities discovered in gtk2
Source: CCN Type: USN-216-1 GDK vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-216-1
Source: VUPEN Type: Vendor Advisory ADV-2005-2433
Source: XF Type: UNKNOWN gtk-xpm-colors-dos(23097)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9697
Source: SUSE Type: SUSE-SA:2005:065 gtk2 gdk-pixbuf: remote code execution
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Denotes that component is vulnerable