Vulnerability Name:

CVE-2005-2976 (CCN-23090)

Assigned:2005-11-15
Published:2005-11-15
Updated:2023-08-03
Summary:
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: ftp.gtk.org Web site
FTP directory /pub/gtk/v2.8/ at ftp.gtk.org

Source: CCN
Type: Neohapsis BugTraq Message #0218
[USN-216-1] GDK vulnerabilities

Source: MITRE
Type: CNA
CVE-2005-2976

Source: CCN
Type: RHSA-2005-810
gdk-pixbuf security update

Source: CCN
Type: SA17522
GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: SA17710
Avaya Products GdkPixbuf XPM Image Multiple Vulnerabilities

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: SECTRACK ID: 1015216
gdk-pixbuf Bugs in Processing XPM Images Let Remote Users Deny Service or Execute Arbitrary Code

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: DEBIAN
Type: DSA-911
gtk+2.0 -- several vulnerabilities

Source: DEBIAN
Type: DSA-913
gdk-pixbuf -- several vulnerabilities

Source: CCN
Type: GLSA-200511-14
GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: iDEFENSE Security Advisory 11.15.05
Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerabilit

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: BID-15428
GDK-Pixbuf XPM Images Integer Overflow Vulnerability

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: TLSA-2005-98
Integer overflow

Source: CCN
Type: USN-216-1
GDK vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
gtk-xpm-attributes-bo(23090)

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: SUSE
Type: SUSE-SA:2005:065
gtk2 gdk-pixbuf: remote code execution

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20052976
    V
    		CVE-2005-2976
    2015-11-16
    oval:org.mitre.oval:def:11370
    V
    		Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
    2013-04-29
    oval:org.debian:def:913
    V
    		several vulnerabilities
    2005-12-01
    oval:org.debian:def:911
    V
    		several vulnerabilities
    2005-11-29
    oval:com.redhat.rhsa:def:20050810
    P
    		RHSA-2005:810: gdk-pixbuf security update (Important)
    2005-11-15
    BACK