FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0782

This CVE name corresponds to:

Entered Topic
2004-09-15 gdk-pixbuf -- image decoding vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0782 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0782
Phase Assigned(20040817)

Description

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).

References

Source Reference
BUGTRAQ 20040915 CESA-2004-005: gtk+ XPM decoder
MISC http://scary.beasts.org/security/CESA-2004-005.txt
CONECTIVA CLA-2004:875
DEBIAN DSA-546
FEDORA FLSA:2005
FEDORA FLSA-2005:155510
MANDRAKE MDKSA-2004:095
MANDRIVA MDKSA-2005:214
REDHAT RHSA-2004:447
REDHAT RHSA-2004:466
SUNALERT 101776
CERT-VN VU#729894
BID 11195
OVAL oval:org.mitre.oval:def:1617
OVAL oval:org.mitre.oval:def:11539
SECUNIA 17657
XF gtk-xpm-pixbufcreatefromxpm-bo(17386)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.