National Cyber Awareness System

Vulnerability Summary for CVE-2005-2976

Overview

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: REDHAT

Name: RHSA-2005:810

Type: Advisory; Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-810.html

External Source: VUPEN

Name: ADV-2005-2433

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2005/2433

External Source: UBUNTU

Name: USN-216-1

Hyperlink:http://www.ubuntu.com/usn/usn-216-1

External Source: BID

Name: 15428

Hyperlink:http://www.securityfocus.com/bid/15428

External Source: FEDORA

Name: FLSA:173274

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/428052/100/0/threaded

External Source: SUSE

Name: SUSE-SA:2005:065

Hyperlink:http://www.novell.com/linux/security/advisories/2005_65_gtk2.html

External Source: MANDRIVA

Name: MDKSA-2005:214

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214

External Source: GENTOO

Name: GLSA-200511-14

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml

External Source: DEBIAN

Name: DSA-913

Hyperlink:http://www.debian.org/security/2005/dsa-913

External Source: DEBIAN

Name: DSA-911

Hyperlink:http://www.debian.org/security/2005/dsa-911

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf

External Source: SECTRACK

Name: 1015216

Hyperlink:http://securitytracker.com/id?1015216

External Source: SECUNIA

Name: 17791

Type: Advisory

Hyperlink:http://secunia.com/advisories/17791

External Source: SECUNIA

Name: 17770

Type: Advisory

Hyperlink:http://secunia.com/advisories/17770

External Source: SECUNIA

Name: 17710

Type: Advisory

Hyperlink:http://secunia.com/advisories/17710

External Source: SECUNIA

Name: 17657

Type: Advisory

Hyperlink:http://secunia.com/advisories/17657

External Source: SECUNIA

Name: 17615

Type: Advisory

Hyperlink:http://secunia.com/advisories/17615

External Source: SECUNIA

Name: 17594

Type: Advisory

Hyperlink:http://secunia.com/advisories/17594

External Source: SECUNIA

Name: 17592

Type: Advisory

Hyperlink:http://secunia.com/advisories/17592

External Source: SECUNIA

Name: 17562

Type: Advisory

Hyperlink:http://secunia.com/advisories/17562

External Source: SECUNIA

Name: 17538

Type: Advisory

Hyperlink:http://secunia.com/advisories/17538

External Source: SECUNIA

Name: 17522

Type: Advisory

Hyperlink:http://secunia.com/advisories/17522

External Source: OVAL

Name: oval:org.mitre.oval:def:11370

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11370

References to Check Content

Identifier:oval:org.mitre.oval:def:11370

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11370