FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0783

This CVE name corresponds to:

Entered Topic
2004-09-15 gdk-pixbuf -- image decoding vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0783 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0783
Phase Assigned(20040817)

Description

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

References

Source Reference
BUGTRAQ 20040915 CESA-2004-005: gtk+ XPM decoder
MISC http://scary.beasts.org/security/CESA-2004-005.txt
CONECTIVA CLA-2004:875
FEDORA FLSA:2005
FEDORA FLSA-2005:155510
MANDRAKE MDKSA-2004:095
MANDRAKE MDKSA-2004:096
MANDRIVA MDKSA-2005:214
REDHAT RHSA-2004:447
REDHAT RHSA-2004:466
SUNALERT 101776
CERT-VN VU#369358
BID 11195
OVAL oval:org.mitre.oval:def:1786
OVAL oval:org.mitre.oval:def:9348
SECUNIA 17657
XF gtk-xpm-xpmextractcolor-bo(17385)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.