| Description: | Description:
The remote host is missing updates announced in
advisory FLSA-2005:2005.
Thomas Kristensen discovered a bitmap file that would cause the
Evolution mail reader to crash. This issue was caused by a flaw that
affects versions of the gdk-pixbuf package prior to 0.20. To exploit
this flaw, a remote attacker could send (via email) a carefully-crafted
BMP file, which would cause Evolution to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0111 to this issue.
During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input when
the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to
this issue.
During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CVE-2004-0782, CVE-2004-0783)
Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CVE-2004-0788)
Users of gdk-pixbuf are advised to upgrade to these packages, which
contain backported patches and are not vulnerable to these issues.
Affected platforms:
Redhat 7.3
Redhat 9
Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:2005
http://bugzilla.gnome.org/show_bug.cgi?id=150601
Risk factor : High
CVSS Score:
7.5
|
