Bug 94922 - media-libs/gdk-pixbuf: BMP Image Processing Double Free Remote Denial of Service Vulnerability
Summary: media-libs/gdk-pixbuf: BMP Image Processing Double Free Remote Denial of Serv...
Status: RESOLVED DUPLICATE of bug 86979
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/12950
 
Reported: 2005-06-03 06:58 UTC by Adir Abraham
Modified: 2005-06-10 07:09 UTC

Description Adir Abraham 2005-06-03 06:58:37 UTC
From SecurityFocus: 

gdk-pixbuf library is reported prone to a denial of service vulnerability. This
issue arises due to a double free condition.

It is reported that this vulnerability presents itself when an application that
is linked against the library handles malformed Bitmap (.bmp) image files.

A successful attack may result in a denial of service condition. It is not
confirmed whether this vulnerability could be leveraged to execute arbitrary code.

gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this
issue. It is likely that other versions are affected as well.

This BID will be updated when more information becomes available.

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-03 08:17:15 UTC
This is CAN-2005-0891... looks a lot like bug 64230, but seems to be different.
gtk+ is probably affected as well.

Pulling in foser for input.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 07:09:43 UTC

*** This bug has been marked as a duplicate of 86979 ***