TITLE:
GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA17522

VERIFY ADVISORY:
http://secunia.com/advisories/17522/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
GdkPixbuf 0.x
http://secunia.com/product/3168/
GTK+ 2.x
http://secunia.com/product/3909/

DESCRIPTION:
Some vulnerabilities have been reported in GTK+, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a user's system.

1) An integer overflow error in "/gtk+/gdk-pixbuf/io-xpm.c" when
processing XPM files can be exploited to cause a heap-based buffer
overflow. This may be exploited to execute arbitrary code when a
specially crafted XPM file is opened in an application that is linked
with the library.

This may be related to vulnerability #2 in:
SA12542

2) An error in "/gtk+/gdk-pixbuf/io-xpm.c" can cause an infinite loop
when processing an XPM file with a large number of colours. This can be
exploited to cause an application linked with the library to stop
responding when a malicious XPM file is opened.

3) An integer overflow error exists in "/gtk+/gdk-pixbuf/io-xpm.c" when
performing calculations using the height, width and colours of an XPM
file. This may be exploited to execute arbitrary code or to crash an
application that is linked with the library when a malicious XPM file
is opened.

SOLUTION:
Restrict use to trusted XPM files only.

PROVIDED AND/OR DISCOVERED BY:
1) iDEFENSE.
2-3) Ludwig Nussel.
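The following C is an added illustration of the bug classes behind items 1 and 3 (integer overflow in the size arithmetic derived from an XPM header, leading to an undersized heap allocation) and of the colour-count bound that keeps the colour-table loop in item 2 finite. It is not the io-xpm.c code from gdk-pixbuf or the vendor fix, which this advisory does not reproduce; the function names, the INT_MAX byte cap, the chars-per-pixel limit of 4 and the sample header strings are all assumptions made for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for this illustrative parser (not gdk-pixbuf's). */
enum xpm_status {
    XPM_OK = 0,
    XPM_BAD_HEADER,
    XPM_BAD_DIMS,
    XPM_BAD_CPP,
    XPM_TOO_MANY_COLORS,
    XPM_OVERFLOW
};

struct xpm_header {
    int width, height, n_col, cpp;
};

/* Assumed caps for this example: pixel and colour-table buffers must fit
 * in INT_MAX bytes, and chars-per-pixel is capped at 4 so that the
 * "distinct colours" bound 95^cpp stays small and cheap to compute. */
#define XPM_MAX_BUFFER_BYTES ((uint64_t)INT_MAX)
#define XPM_MAX_CPP 4
#define XPM_PRINTABLE_CHARS 95u   /* ASCII 0x20..0x7e */

/* Parse the XPM <values> line: "width height ncolors chars_per_pixel". */
int xpm_parse_values(const char *values, struct xpm_header *h)
{
    if (sscanf(values, "%d %d %d %d",
               &h->width, &h->height, &h->n_col, &h->cpp) != 4)
        return XPM_BAD_HEADER;
    return XPM_OK;
}

/* The vulnerable pattern: size arithmetic done in 32 bits and handed to
 * the allocator. 65536 x 65536 x 4 wraps to 0, malloc(0) succeeds, and the
 * per-pixel writes that follow run off the end of the heap block. */
uint32_t naive_pixel_bytes(int width, int height)
{
    return (uint32_t)width * (uint32_t)height * 4u;
}

/* Hardened size computation: reject non-positive dimensions, widen before
 * multiplying, and compare against the cap instead of trusting a wrapped
 * result. (INT_MAX^2 * 4 < 2^64, so the 64-bit product itself cannot wrap.) */
int checked_pixel_bytes(const struct xpm_header *h, size_t *out)
{
    if (h->width <= 0 || h->height <= 0)
        return XPM_BAD_DIMS;
    uint64_t bytes = (uint64_t)h->width * (uint64_t)h->height * 4u;
    if (bytes > XPM_MAX_BUFFER_BYTES)
        return XPM_OVERFLOW;
    *out = (size_t)bytes;
    return XPM_OK;
}

/* Colour-table checks: a header cannot legitimately declare more colours
 * than cpp printable characters can encode, so bounding n_col this way
 * also bounds the loop that reads the colour table. The table allocation
 * (cpp key bytes plus a NUL per entry) is overflow-checked the same way. */
int xpm_validate_colors(const struct xpm_header *h, size_t *table_bytes)
{
    if (h->cpp < 1 || h->cpp > XPM_MAX_CPP)
        return XPM_BAD_CPP;
    if (h->n_col < 1)
        return XPM_BAD_HEADER;
    uint64_t max_distinct = 1;
    for (int i = 0; i < h->cpp; i++)
        max_distinct *= XPM_PRINTABLE_CHARS;
    if ((uint64_t)h->n_col > max_distinct)
        return XPM_TOO_MANY_COLORS;
    uint64_t bytes = (uint64_t)h->n_col * ((uint64_t)h->cpp + 1);
    if (bytes > XPM_MAX_BUFFER_BYTES)
        return XPM_OVERFLOW;
    *table_bytes = (size_t)bytes;
    return XPM_OK;
}

/* Everything a loader should verify before its first allocation. */
int xpm_validate_header(const char *values, size_t *pixel_bytes, size_t *table_bytes)
{
    struct xpm_header h;
    int rc = xpm_parse_values(values, &h);
    if (rc != XPM_OK) return rc;
    rc = checked_pixel_bytes(&h, pixel_bytes);
    if (rc != XPM_OK) return rc;
    return xpm_validate_colors(&h, table_bytes);
}

int main(void)
{
    /* Constructed sample headers: one benign, one that wraps the naive size. */
    const char *samples[] = { "16 16 3 1", "65536 65536 1 1", "16 16 1000 1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct xpm_header h;
        size_t px = 0, tb = 0;
        xpm_parse_values(samples[i], &h);
        printf("%-18s naive=%u checked=%d\n", samples[i],
               naive_pixel_bytes(h.width, h.height),
               xpm_validate_header(samples[i], &px, &tb));
    }
    return 0;
}
```

The naive function is deliberately kept to show why the 65536 x 65536 case is dangerous: the product is exactly 2^34, which is 0 modulo 2^32, so a 32-bit computation asks the allocator for nothing at all. The checked path widens first and then compares to a cap, which is the only ordering that works; checking after the multiply in the narrow type cannot see the wrap.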
ORIGINAL ADVISORY:
Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171073
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171904
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900

OTHER REFERENCES:
SA12542:
http://secunia.com/advisories/12542/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------