(Fedora Issues Fix for FC1) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011315
|
|
SecurityTracker URL: http://securitytracker.com/id?1011315
|
|
CVE Reference: CAN-2004-0753
|
Date: Sep 16 2004
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 0.22 and prior versions
|
Description: Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code.
Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE: CAN-2004-0753].
It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the xpm loader [CVE: CAN-2004-0782, CAN-2004-0783]. An integer overflow resides in the ico loader [CVE: CAN-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.
|
Impact: A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.
|
Solution: Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
d4ae88a59943ed19fb84c197b3800a43 SRPMS/gtk2-2.2.4-10.src.rpm
cc87e91fff48e744beda9e0f3cbb9d22 x86_64/gtk2-2.2.4-10.x86_64.rpm
eb595b4bd917e25abf6e7730bedcf5e0 x86_64/gtk2-devel-2.2.4-10.x86_64.rpm
85d64ebbf05e414c69d05195fc213704 x86_64/debug/gtk2-debuginfo-2.2.4-10.x86_64.rpm
04c0745cf4dde875344ed93ab38dae8a x86_64/gtk2-2.2.4-10.i386.rpm
04c0745cf4dde875344ed93ab38dae8a i386/gtk2-2.2.4-10.i386.rpm
d66eac1eb88431474a089dee707eb0fc i386/gtk2-devel-2.2.4-10.i386.rpm
3d7cf237b8c83d0de2cc74c3c4060567 i386/debug/gtk2-debuginfo-2.2.4-10.i386.rpm
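
One way to check downloaded packages against a checksum list in the format shown above. This is an added example, not part of the Fedora notice or SecurityTracker's text; the function names and status labels are assumptions. It also accepts entries where mail wrapping has pushed the path onto the line after its checksum.

```shell
#!/bin/sh
# Added example (not from the Fedora notice): check downloaded packages
# against an advisory-style "<md5> <relative/path>" list.

# True when $1 is exactly 32 hex digits.
is_md5() {
    [ "${#1}" -eq 32 ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
}

# verify_manifest MANIFEST ROOT
# Prints one status line per entry. Returns 0 only if at least one entry
# was listed and every listed file under ROOT matches its MD5.
verify_manifest() {
    vm_bad=0 vm_n=0 vm_pending=
    while read -r vm_a vm_b; do
        if is_md5 "$vm_a" && [ -z "$vm_b" ]; then
            vm_pending=$vm_a; continue        # wrapped: path is on the next line
        elif is_md5 "$vm_a"; then
            vm_want=$vm_a vm_path=$vm_b
        elif [ -n "$vm_pending" ] && [ -n "$vm_a" ] && [ -z "$vm_b" ]; then
            vm_want=$vm_pending vm_path=$vm_a
        else
            vm_pending=; continue             # prose, separators, blank lines
        fi
        vm_pending=; vm_n=$((vm_n + 1))
        case $vm_path in                      # entries must stay inside ROOT
            /*|*..*) echo "REJECT  $vm_path"; vm_bad=1; continue ;;
        esac
        if [ ! -f "$2/$vm_path" ]; then
            echo "MISSING $vm_path"; vm_bad=1; continue
        fi
        vm_got=$(md5sum < "$2/$vm_path" | cut -d' ' -f1)
        vm_want=$(printf '%s' "$vm_want" | tr 'A-F' 'a-f')
        if [ "$vm_got" = "$vm_want" ]; then
            echo "OK      $vm_path"
        else
            echo "BAD     $vm_path"; vm_bad=1
        fi
    done < "$1"
    [ "$vm_n" -gt 0 ] || { echo "EMPTY   no checksum entries found"; return 2; }
    return "$vm_bad"
}

# Run as: sh verify.sh MANIFEST DOWNLOAD_DIR
if [ "$#" -eq 2 ]; then verify_manifest "$1" "$2"; fi
```

An MD5 match only shows that the file agrees with the list, so the list itself has to come from a trusted copy of the announcement; the package signature check (`rpm -K` / `rpm --checksig`) is the stronger control.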
|
Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/
|
Cause: Boundary error, State error
|
Underlying OS: Linux (Red Hat Fedora)
|
Underlying OS Comments: FC1
|
Reported By: Matthias Clasen <mclasen@redhat.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 15 Sep 2004 12:27:12 -0400
From: Matthias Clasen <mclasen@redhat.com>
Subject: [SECURITY] Fedora Core 1 Update: gtk2-2.2.4-10
|
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-288
2004-09-15
---------------------------------------------------------------------
Product : Fedora Core 1
Name : gtk2
Version : 2.2.4
Release : 10
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gtk2. An attacker could
create a carefully crafted BMP file which would cause an application to
enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file was
opened by a victim. (CAN-2004-0788)
---------------------------------------------------------------------
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 2.2.4-10
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.2.4-7.1
- Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
d4ae88a59943ed19fb84c197b3800a43 SRPMS/gtk2-2.2.4-10.src.rpm
cc87e91fff48e744beda9e0f3cbb9d22 x86_64/gtk2-2.2.4-10.x86_64.rpm
eb595b4bd917e25abf6e7730bedcf5e0 x86_64/gtk2-devel-2.2.4-10.x86_64.rpm
85d64ebbf05e414c69d05195fc213704 x86_64/debug/gtk2-debuginfo-2.2.4-10.x86_64.rpm
04c0745cf4dde875344ed93ab38dae8a x86_64/gtk2-2.2.4-10.i386.rpm
04c0745cf4dde875344ed93ab38dae8a i386/gtk2-2.2.4-10.i386.rpm
d66eac1eb88431474a089dee707eb0fc i386/gtk2-devel-2.2.4-10.i386.rpm
3d7cf237b8c83d0de2cc74c3c4060567 i386/debug/gtk2-debuginfo-2.2.4-10.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|