Ryan Murray wrote: > On Wed, Nov 16, 2005 at 11:33:35PM +0100, Moritz Muehlenhoff wrote: > > Debian Bug Tracking System wrote: > > > Changes: > > > gdk-pixbuf (0.22.0-11) unstable; urgency=high > > > . > > > * Fix for integer overflows in io-xpm.c which could be exploited to > > > execute > > > arbitrary code (CVE-2005-2975 and CVE-2005-2976 from > > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900) > > > and Fix for endless loop in io-xpm.c which could cause applications > > > to > > > hang (CVE-2005-3186 from > > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071) > > > (closes: #339458) > > > > Just for the record; the CVE mappings are not correct: > > The "DoS through endless loop" issue is CVE-2005-2975, the "n_col" integer > > overflow > > is CVE-2005-3186 and the "pixels" integer overflow is CVE-2005-2976. > > My CVE mappings are based on the redhat bugs where I took the patches from.
http://rhn.redhat.com/errata/RHSA-2005-810.html: A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
