(Fedora Issues Fix for FC2) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1011301
SecurityTracker URL: http://securitytracker.com/id?1011301
CVE Reference: CAN-2004-0753
Date: Sep 16 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.22 and prior versions
Description: Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code.

Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE: CAN-2004-0753].

It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the xpm loader [CVE: CAN-2004-0782, CAN-2004-0783]. An integer overflow resides in the ico loader [CVE: CAN-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.

Impact: A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.
Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
df423014919ec5696f889ac6f4787746 SRPMS/gdk-pixbuf-0.22.0-11.2.3.src.rpm
b0c43651dc3ce287199500dfcc2f0587 x86_64/gdk-pixbuf-0.22.0-11.2.3.x86_64.rpm
7e7fc5ed5415290c782869c4b4891cbf x86_64/gdk-pixbuf-devel-0.22.0-11.2.3.x86_64.rpm
144f31eb04ea373b7e03c7c0478956e9 x86_64/gdk-pixbuf-gnome-0.22.0-11.2.3.x86_64.rpm
3eab7a99d72773cc58f9ae76020170d7 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.x86_64.rpm
7191295371d1375fa214aae40ed552ad i386/gdk-pixbuf-0.22.0-11.2.3.i386.rpm
1312362346782b79454397d5116c3401 i386/gdk-pixbuf-devel-0.22.0-11.2.3.i386.rpm
26640728f906fbc08f11302aea0c551d i386/gdk-pixbuf-gnome-0.22.0-11.2.3.i386.rpm
5e6d6f574976df72d29a33e19e178aaa i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.i386.rpm
Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/
Cause: Boundary error, State error
Underlying OS: Linux (Red Hat Fedora)
Underlying OS Comments: FC2
Reported By: Matthias Clasen <mclasen@redhat.com>
Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Wed, 15 Sep 2004 12:28:04 -0400
From: Matthias Clasen <mclasen@redhat.com>
Subject: [SECURITY] Fedora Core 2 Update: gdk-pixbuf-0.22.0-11.2.3

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-287
2004-09-15
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gdk-pixbuf
Version : 0.22.0
Release : 11.2.3
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753
to this issue.

During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CAN-2004-0788)
---------------------------------------------------------------------
* Tue Sep 07 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.3
- Rebuild for FC2
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.2.2
- Rebuild for FC1
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.3
- Rebuild for RHEL3
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-11.1.2E
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 1:0.22.0-10.0.2E
- Fix problem with infinite loop on bad BMP data (#130455,
test BMP from Chris Evans, fix from Manish Singh)
* Sun Aug 15 2004 Tim Waugh <twaugh@redhat.com> 1:0.22.0-9
- Fixed underquoted m4 definition.
* Mon Jun 21 2004 Matthias Clasen <mclasen@redhat.com>
- Make build
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.3
- Include /usr/lib/*.la for AS2.1
* Fri Mar 05 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.2E
- Add some additional defines to work with 2.1AS
* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.1
- Bump and rebuild
* Thu Mar 04 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.1.0
- Redo package to build without libtool-1.5 patch
* Wed Mar 03 2004 Owen Taylor <otaylor@redhat.com> 1:0.22.0-6.0.0
- Add a couple of bug-fixes backported from GTK+-2.x
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
df423014919ec5696f889ac6f4787746 SRPMS/gdk-pixbuf-0.22.0-11.2.3.src.rpm
b0c43651dc3ce287199500dfcc2f0587 x86_64/gdk-pixbuf-0.22.0-11.2.3.x86_64.rpm
7e7fc5ed5415290c782869c4b4891cbf x86_64/gdk-pixbuf-devel-0.22.0-11.2.3.x86_64.rpm
144f31eb04ea373b7e03c7c0478956e9 x86_64/gdk-pixbuf-gnome-0.22.0-11.2.3.x86_64.rpm
3eab7a99d72773cc58f9ae76020170d7 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.x86_64.rpm
7191295371d1375fa214aae40ed552ad i386/gdk-pixbuf-0.22.0-11.2.3.i386.rpm
1312362346782b79454397d5116c3401 i386/gdk-pixbuf-devel-0.22.0-11.2.3.i386.rpm
26640728f906fbc08f11302aea0c551d i386/gdk-pixbuf-gnome-0.22.0-11.2.3.i386.rpm
5e6d6f574976df72d29a33e19e178aaa i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------