Vulnerability Name: | CVE-2005-3186 (CCN-23083)
Assigned: | 2005-11-03
Published: | 2005-11-03
Updated: | 2018-10-19
Summary: | Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: ftp.gtk.org Web site FTP directory /pub/gtk/v2.8/ at ftp.gtk.org
Source: SCO Type: UNKNOWN SCOSA-2006.8
Source: CCN Type: Neohapsis BugTraq Message #0218 [USN-216-1] GDK vulnerabilities
Source: MITRE Type: CNA CVE-2005-3186
Source: CCN Type: RHSA-2005-810 gdk-pixbuf security update
Source: CCN Type: RHSA-2005-811 gtk2 security update
Source: CCN Type: SA17522 GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17522
Source: SECUNIA Type: UNKNOWN 17538
Source: SECUNIA Type: UNKNOWN 17562
Source: SECUNIA Type: UNKNOWN 17588
Source: SECUNIA Type: UNKNOWN 17591
Source: SECUNIA Type: UNKNOWN 17592
Source: SECUNIA Type: UNKNOWN 17594
Source: SECUNIA Type: UNKNOWN 17615
Source: SECUNIA Type: UNKNOWN 17657
Source: CCN Type: SA17710 Avaya Products GdkPixbuf XPM Image Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17710
Source: SECUNIA Type: UNKNOWN 17770
Source: SECUNIA Type: UNKNOWN 17791
Source: SECUNIA Type: UNKNOWN 18509
Source: SREASON Type: UNKNOWN 188
Source: CCN Type: SECTRACK ID: 1015216 gdk-pixbuf Bugs in Processing XPM Images Let Remote Users Deny Service or Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015216
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
Source: DEBIAN Type: UNKNOWN DSA-911
Source: DEBIAN Type: UNKNOWN DSA-913
Source: DEBIAN Type: DSA-911 gtk+2.0 -- several vulnerabilities
Source: DEBIAN Type: DSA-913 gdk-pixbuf -- several vulnerabilities
Source: CCN Type: GLSA-200511-14 GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200511-14
Source: IDEFENSE Type: Patch, Vendor Advisory 20051115 Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability
Source: CCN Type: iDEFENSE Security Advisory 11.15.05 Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerabilit
Source: MANDRIVA Type: UNKNOWN MDKSA-2005:214
Source: SUSE Type: UNKNOWN SUSE-SA:2005:065
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:810
Source: REDHAT Type: UNKNOWN RHSA-2005:811
Source: FEDORA Type: UNKNOWN FLSA:173274
Source: BID Type: UNKNOWN 15435
Source: CCN Type: BID-15435 GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
Source: CCN Type: TLSA-2005-98 Integer overflow
Source: CCN Type: TLSA-2005-99 Two vulnerabilities discovered in gtk2
Source: CCN Type: USN-216-1 GDK vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-216-1
Source: VUPEN Type: UNKNOWN ADV-2005-2433
Source: XF Type: UNKNOWN gtk-xpm-ncol-bo(23083)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9503
Source: SUSE Type: SUSE-SA:2005:065 gtk2 gdk-pixbuf: remote code execution
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Denotes that component is vulnerable