Summary: | {media-libs/gdk-pixbuf\|x11-libs/gtk+} bmp crashes (CAN-2005-0891) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | adirab, gnome |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | http://bugzilla.gnome.org/show_bug.cgi?id=171707 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-03-28 07:53:14 UTC
Foser please verify and advise. CAN-2005-0891

"The codepath seems to be free once, start cleaning up, free again, so it's going to be a DoS rather than allow arbitrary code execution."

well yeah, easy to reproduce. I will patch gtk+ and gdk-pixbuf (both are affected) tomorrow.

It sure needs a fix, but not sure it needs a GLSA... Crashing upon viewing a file (with no possibility of code execution) is more a bug than a DoS attack, unless you can find services that rely on BMP decoding by gtk+...

Added media-libs/gdk-pixbuf-0.22.0-r4 & x11-libs/gtk+-2.6.4-r1 with fixes and marked stable x86.

I think the worst you could do with this is crash a few browsers/mail applications that use gtkhtml for example.

Dropping this as a non-security issue, and considering it fixed. Reopen if you disagree.