Created attachment 308981 [details]
test xbm file, will crash applications that use affected gdk-pixbuf versions
Attempting to load the attached file in most gtk-based applications, including firefox, will result in a segfault if a vulnerable version of gdk-pixbuf is installed.
Fixed in gdk-pixbuf-2.24.1-r1 (should be stabilized) and gdk-pixbuf-2.26.1 (should not be stabilized for now due to glib-2.32 dependency).
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Stable for HPPA.
ppc was done already, ppc64 done as well now
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201206-20 at http://security.gentoo.org/glsa/glsa-201206-20.xml
by GLSA coordinator Sean Amoss (ackle).
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c
in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of
service (application crash) via a negative (1) height or (2) width in an XBM
file, which triggers a heap-based buffer overflow.