Description:
Summary: The remote host is missing an update for the Debian 'gtk+2.0' package(s) announced via the DSA-911-1 advisory.
Vulnerability Insight: Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2005-2975
Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.
CVE-2005-2976
Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.
CVE-2005-3186
'infamous41md' discovered an integer overflow in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.
The following matrix explains which versions fix these problems:
Package      old stable (woody)   stable (sarge)   unstable (sid)
gdk-pixbuf   0.17.0-2woody3       0.22.0-8.1       0.22.0-11
gtk+2.0      2.0.2-5woody3        2.6.4-3.1        2.6.10-2
We recommend that you upgrade your gtk+2.0 packages.
Affected Software/OS: 'gtk+2.0' package(s) on Debian 3.0, Debian 3.1.
Solution: Please install the updated package(s).
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C