
Bug 86979

Summary: {media-libs/gdk-pixbuf|x11-libs/gtk+} bmp crashes (CAN-2005-0891)
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: adirab, gnome
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: http://bugzilla.gnome.org/show_bug.cgi?id=171707
Whiteboard:
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-03-28 07:53:14 UTC
Discovered by Matthias Clasen <mclasen@redhat.com>

The gdk-pixbuf bmp loader can be tricked into a double free, see
http://bugzilla.gnome.org/show_bug.cgi?id=171707
Demo image here: 
http://bugzilla.gnome.org/attachment.cgi?id=39270&action=view

This probably affects all versions of gtk we ship. I haven't checked
if it also affects the standalone gdk-pixbuf package.

The bug http://bugzilla.gnome.org/show_bug.cgi?id=150664
has a collection of valid and invalid bmp test images in an attachment
(http://bugzilla.gnome.org/attachment.cgi?id=39312&action=view)
which we might want to give to QA for checking our other image
loaders...
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-03-29 08:14:54 UTC
Foser please verify and advise.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-03-29 08:26:12 UTC
CAN-2005-0891

"The codepath seems to be free once, start cleaning up, free again, so it's going to be a DoS rather than allow arbitrary code execution."
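The pattern described in the report and in the quote above (an error path frees a buffer, then the shared cleanup frees it again) is easy to reproduce in miniature. The following is an added example written for this page, not gdk-pixbuf's or gtk+'s code: the "BMP-like" header layout (2-byte magic plus a 32-bit little-endian row length), the `load_buggy`/`load_fixed` functions and the `tracked_alloc`/`tracked_free` counting allocator are all made up for illustration. The counting allocator exists only so the double free can be observed as a counter instead of aborting the process the way glibc would on a real one.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical counting allocator (not gdk-pixbuf's): remembers every block
 * handed out and how many times it was released, releasing the real memory
 * only on the first free so a second free is recorded instead of crashing. */
#define MAX_BLOCKS 16
static uintptr_t g_blocks[MAX_BLOCKS];
static int       g_free_count[MAX_BLOCKS];
static int       g_nblocks;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p && g_nblocks < MAX_BLOCKS) {
        g_blocks[g_nblocks] = (uintptr_t)p;
        g_free_count[g_nblocks] = 0;
        g_nblocks++;
    }
    return p;
}

static void tracked_free(void *p) {
    if (!p) return;                         /* free(NULL) is a no-op, as in libc */
    for (int i = 0; i < g_nblocks; i++) {
        if (g_blocks[i] == (uintptr_t)p) {
            if (++g_free_count[i] == 1) free(p);
            return;
        }
    }
}

/* Number of blocks released more than once since the last reset. */
static int double_free_count(void) {
    int n = 0;
    for (int i = 0; i < g_nblocks; i++) if (g_free_count[i] > 1) n++;
    return n;
}

static void tracker_reset(void) { g_nblocks = 0; }

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Made-up header: 'B','M', then a 32-bit LE byte count for one pixel row,
 * followed by the row bytes. Returns 1 on success, 0 on any error. */

/* Buggy loader: the "row larger than file" error path frees the row buffer
 * itself, then jumps to the common cleanup, which frees it a second time. */
static int load_buggy(const uint8_t *buf, size_t len) {
    uint8_t *row = NULL;
    int ok = 0;
    if (len < 6 || buf[0] != 'B' || buf[1] != 'M') return 0;
    size_t row_len = le32(buf + 2);
    row = tracked_alloc(row_len ? row_len : 1);
    if (!row) return 0;
    if (row_len > len - 6) {
        tracked_free(row);                  /* first free */
        goto cleanup;
    }
    memcpy(row, buf + 6, row_len);
    ok = 1;
cleanup:
    tracked_free(row);                      /* second free on the error path */
    return ok;
}

/* Fixed loader: validate before allocating, free in exactly one place, and
 * null the pointer once ownership ends so any later cleanup is a no-op. */
static int load_fixed(const uint8_t *buf, size_t len) {
    uint8_t *row = NULL;
    int ok = 0;
    if (len < 6 || buf[0] != 'B' || buf[1] != 'M') return 0;
    size_t row_len = le32(buf + 2);
    if (row_len > len - 6) goto cleanup;    /* nothing allocated yet; just leave */
    row = tracked_alloc(row_len ? row_len : 1);
    if (!row) goto cleanup;
    memcpy(row, buf + 6, row_len);
    ok = 1;
cleanup:
    tracked_free(row);                      /* the only release site */
    row = NULL;
    return ok;
}

/* Constructed inputs for this example. CRAFTED claims a 64-byte row but
 * carries 2 bytes; VALID claims 4 bytes and carries 4. */
static const uint8_t CRAFTED_BMP[] = { 'B','M', 0x40,0,0,0, 'x','x' };
static const uint8_t VALID_BMP[]   = { 'B','M', 0x04,0,0,0, 'a','b','c','d' };

int main(void) {
    tracker_reset();
    load_buggy(CRAFTED_BMP, sizeof CRAFTED_BMP);
    printf("buggy loader, crafted file: double frees = %d\n", double_free_count());
    tracker_reset();
    load_fixed(CRAFTED_BMP, sizeof CRAFTED_BMP);
    printf("fixed loader, crafted file: double frees = %d\n", double_free_count());
    tracker_reset();
    printf("fixed loader, valid file: ok = %d\n", load_fixed(VALID_BMP, sizeof VALID_BMP));
    return 0;
}
```

Whether a real double free is "just" a crash depends on the allocator: with the counting allocator here it is simply recorded, with a hardened libc it aborts, and with an older or unhardened allocator it can corrupt heap metadata, which is why a reviewer should not assume a double free is only a DoS without checking what sits between the two frees.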
Comment 3 foser (RETIRED) gentoo-dev 2005-03-29 15:36:37 UTC
well yeah, easy to reproduce.

I will patch gtk+ and gdk-pixbuf (both are affected) tomorrow.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-03-30 00:17:37 UTC
It sure needs a fix, but not sure it needs a GLSA... Crashing upon viewing a file (with no possibility of code execution) is more a bug than a DoS attack, unless you can find services that rely on BMP decoding by gtk+...
Comment 5 foser (RETIRED) gentoo-dev 2005-03-30 02:03:35 UTC
Added media-libs/gdk-pixbuf-0.22.0-r4 & x11-libs/gtk+-2.6.4-r1 with fixes and marked stable x86.

I think the worst you could do with this is crash a few browsers/mail applications that use gtkhtml for example.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-04-01 01:50:21 UTC
Dropping this as a non-security issue, and considering it fixed.
Reopen if you disagree.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 07:09:45 UTC
*** Bug 94922 has been marked as a duplicate of this bug. ***