(Fedora Issues Fix for gtk2 for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1011293
SecurityTracker URL: http://securitytracker.com/id?1011293
CVE Reference: CAN-2004-0753
Date: Sep 15 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.22 and prior versions

Description: Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code. gtk2 is affected.

Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE: CAN-2004-0753].

It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the xpm loader [CVE: CAN-2004-0782, CAN-2004-0783]. An integer overflow resides in the ico loader [CVE: CAN-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.

Impact: A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.

Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/
Cause: Boundary error, State error
Underlying OS: Linux (Red Hat Fedora)
Underlying OS Comments: FC2
Reported By: Matthias Clasen <mclasen@redhat.com>
Message History: This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Wed, 15 Sep 2004 12:28:53 -0400
From: Matthias Clasen <mclasen@redhat.com>
Subject: [SECURITY] Fedora Core 2 Update: gtk2-2.4.7-2.4
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-289
2004-09-15
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gtk2
Version : 2.4.7
Release : 2.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was
discovered in the BMP image processor of gtk2. An attacker could create a
carefully crafted BMP file which would cause an application to enter an
infinite loop and not respond to user input when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file was opened by a victim.
(CAN-2004-0788)
---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.7-2.4
- Fix issues in the xpm and ico loaders
found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.4.7-2.2
- Fix problem with infinite loop on bad BMP data (#130450,
test BMP from Chris Evans, fix from Manish Singh)
* Sat Aug 14 2004 Matthias Clasen <mclasen@redhat.com> 2.4.7-1
- update to 2.4.7
* Fri Aug 13 2004 Matthias Clasen <mclasen@redhat.com> 2.4.6-1
- update to 2.4.6
- call libtoolize --force to win .so's back...
* Fri Jul 30 2004 Jonathan Blandford <jrb@redhat.com> 2.4.4-4
- add typeahead patch to GtkTreeView
- automake-1.9
* Tue Jul 27 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-3
- Use -64 suffix on powerpc64. (#128605)
* Fri Jul 16 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-2
- Fix permissions of gdk-pixbuf-csource script.
- Escape macros in %changelog
* Fri Jul 09 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.4-1
- Update to 2.4.4
* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-5
- Look for the gtk.immodules file in the right location. (#127073)
* Thu Jul 08 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-4
- Add a wrapper for gdk-pixbuf-csource.
* Wed Jun 23 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-3
- Don't install testgtk and testtext
- Rename binaries to -32/-64 (#124478)
- Move arch-dependent config files to /etc/gtk-2.0/$host (#124482)
- Add wrappers for updating the arch-dependent config files
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> - 2.4.1-1
- Upgrade to 2.4.1
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------