(Fedora Issues Fix for FC1) gdk-pixbuf BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1011315
SecurityTracker URL: http://securitytracker.com/id/1011315
CVE Reference: CVE-2004-0753, CVE-2004-0782, CVE-2004-0783, CVE-2004-0788
Date: Sep 16 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.22 and prior versions
Description:
Several vulnerabilities were reported in gdk-pixbuf. A remote user can create a specially crafted image file that, when processed by an application using gdk-pixbuf, will cause the application to crash or potentially execute arbitrary code.
Mandrake and Red Hat reported that a remote user can create a specially crafted BMP image file that will cause gdk-pixbuf to enter an infinite loop [CVE-2004-0753].
It is also reported that Chris Evans discovered several overflows. A heap-based overflow and a stack-based overflow reside in the xpm loader [CVE-2004-0782, CVE-2004-0783]. An integer overflow resides in the ico loader [CVE-2004-0788]. A remote user may be able to trigger the overflows to cause an application that uses gdk-pixbuf to crash or possibly execute arbitrary code.
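The advisory gives no code-level detail for the ICO integer overflow, so the following is an added illustration of that bug class and its check, not gdk-pixbuf source: a buffer size computed from untrusted width, height and bit-depth fields of a BMP-style header, first unchecked and then validated. The function names, the constructed sample header and the `MAX_DIM` limit are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 16384u /* assumed policy limit, not taken from the advisory */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { /* little-endian 16-bit read */
    return (uint16_t)(p[0] | p[1] << 8);
}

/* Unchecked form: the 32-bit product wraps silently for large fields. */
uint32_t naive_image_size(const uint8_t *hdr) {
    return rd32(hdr + 4) * rd32(hdr + 8) * (uint32_t)(rd16(hdr + 14) / 8);
}

/* Checked form: returns 0 and stores the byte count in *out, or -1 to reject. */
int checked_image_size(const uint8_t *hdr, size_t len, size_t *out) {
    if (len < 40 || rd32(hdr) < 40) return -1;        /* truncated header */
    uint32_t w = rd32(hdr + 4), h = rd32(hdr + 8);
    uint16_t bpp = rd16(hdr + 14);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -1;
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4; /* rows pad to 4 bytes */
    uint64_t total = stride * h;                      /* 64-bit, cannot wrap here */
    if (total > SIZE_MAX) return -1;
    *out = (size_t)total;
    return 0;
}

/* Constructed sample header (40-byte BITMAPINFOHEADER layout), for the demo. */
void make_header(uint8_t *hdr, uint32_t w, uint32_t h, uint16_t bpp) {
    memset(hdr, 0, 40);
    hdr[0] = 40;
    for (int i = 0; i < 4; i++) {
        hdr[4 + i] = (uint8_t)(w >> (8 * i));
        hdr[8 + i] = (uint8_t)(h >> (8 * i));
    }
    hdr[14] = (uint8_t)bpp; hdr[15] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t hdr[40]; size_t n = 0;
    make_header(hdr, 0x10000u, 0x10000u, 32);
    printf("naive=%u checked=%d\n", (unsigned)naive_image_size(hdr),
           checked_image_size(hdr, sizeof hdr, &n));
    return 0;
}
```

With the constructed 65536 x 65536 header the unchecked product wraps to zero, so a loader that allocates that size and then writes rows by width and height would write past the allocation; the checked form rejects the header before any allocation.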
Impact:
A remote user may be able to cause an application using gdk-pixbuf to crash or potentially execute arbitrary code with the privileges of the application.
Solution:
Fedora has released a fix, available at:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
Vendor URL: ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/
Cause: Boundary error, State error
Underlying OS: Linux (Red Hat Fedora)
Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Wed, 15 Sep 2004 12:27:12 -0400
Subject: [SECURITY] Fedora Core 1 Update: gtk2-2.2.4-10
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-288
2004-09-15
---------------------------------------------------------------------
Product : Fedora Core 1
Name : gtk2
Version : 2.2.4
Release : 10
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:
During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788)
---------------------------------------------------------------------
* Fri Sep 03 2004 Matthias Clasen <mclasen@redhat.com> - 2.2.4-10
- Fix issues in the xpm and ico loaders
found by Chris Evans (#130711)
* Fri Aug 20 2004 Owen Taylor <otaylor@redhat.com> - 2.2.4-7.1
- Fix problem with infinite loop on bad BMP data (#130450,
test BMP from Chris Evans, fix from Manish Singh)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list