
Fedora Core 2: 2004-289 Critical: gtk2 Image Decoder Issues Explored

fedora
September 15, 2004
Critical patch released for gtk2 on Fedora addressing multiple image parsing security flaws, emphasizing risks associated with both stack and heap overflows.
Several vulnerabilities.

Summary

GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.

Update Information:

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788)

...


Fedora Update Notification FEDORA-2004-289 2004-09-15

Product: Fedora Core 2
Name: gtk2
Version: 2.4.7
Release: 2.4
Summary: The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description: GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.


Severity: critical
