| Description: | Description:
The remote host is missing an update to gdk-pixbuf
announced via advisory MDKSA-2005:214.
A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image
rendering library could allow for arbitrary code execution. This allows
an attacker to provide a carefully crafted XPM image which could
possibly allow for arbitrary code execution in the context of the user
viewing the image. (CVE-2005-3186)
Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. (CVE-2005-2976)
Ludwig Nussel also discovered an infinite-loop denial of service bug
in the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file was
opened by a victim. (CVE-2005-2975)
The gtk+2.0 library also contains the same gdk-pixbuf code with the
same vulnerability.
The Corporate Server 2.1 packages have additional patches to address
CVE-2004-0782,0783,0788 (additional XPM/ICO image issues),
CVE-2004-0753 (BMP image issues) and CVE-2005-0891 (additional BMP
issues). These were overlooked on this platform with earlier updates.
The updated packages have been patched to correct these issues.
Affected: 10.2, 2006.0, Corporate 2.1, Corporate 3.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:214
Risk factor : High
CVSS Score:
7.8
|
