| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2004:447.
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.
During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was
discovered in the BMP image processor of gdk-pixbuf. An attacker could
create a carefully crafted BMP file which would cause an application
to enter an infinite loop and not respond to user input when the file was
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0753 to this issue.
During a security audit, Chris Evans discovered a stack and a heap overflow
in the XPM image decoder. An attacker could create a carefully crafted XPM
file which could cause an application linked with gtk2 to crash or possibly
execute arbitrary code when the file was opened by a victim.
(CVE-2004-0782, CVE-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image decoder.
An attacker could create a carefully crafted ICO file which could cause an
application linked with gtk2 to crash when the file is opened by a victim.
(CVE-2004-0788)
Users of gdk-pixbuf are advised to upgrade to these packages, which
contain backported patches and are not vulnerable to these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2004-447.html
http://bugzilla.gnome.org/show_bug.cgi?id=150601
Risk factor : High
CVSS Score:
7.5
|
