Info

Disclosure

Sep 16, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in GdkPixbuf. GdkPixbuf fails to properly validate input in the ICO image decoding functionality resulting in a integer overflow. With a specially crafted request, an attacker can cause a DoS on the affected application resulting in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Apply the appropriate operating system vendor upgrade, as it has been reported to fix this vulnerability.

Products

GNOME Project

GdkPixbuf

0.x

GTK+ Team

GTK+

2.x

References

Security Tracker: 1011285
Secunia Advisory ID: 12542 12543 12545 12548 12550 12551 12564 12568 12615 17657
CVE ID: 2004-0788 (see also: NVD)
Related OSVDB ID: 9996 9997 9998
Other Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214
http://security.gentoo.org/glsa/glsa-200409-28.xml
http://www.debian.org/security/2004/dsa-546
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:095
Keyword: MDKSA-2004:095,DSA-546
RedHat RHSA: RHSA-2004:447 RHSA-2004:466

Credit

Chris Evans - chrisscary.beasts.org -

Direct URL: http://osvdb.org/36218