CVE-2005-2975

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2005-2975
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2005-11-18 06:03:00 UTC
Updated2023-08-11 20:12:00 UTC
Descriptionio-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.

Risk And Classification

Problem Types: CWE-399

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Gnome Gdkpixbuf All All All All
Application Gnome Gdkpixbuf All All All All
Application Gnome Gtk All All All All
Application Gtk Gtk All All All All
Application Gtk Gtk 1.2.8 All All All
Application Gtk Gtk 2.0.0 All All All
Application Gtk Gtk 2.0.1 All All All
Application Gtk Gtk 2.0.18 All All All
Application Gtk Gtk 2.0.2 All All All
Application Gtk Gtk 2.0.3 All All All
Application Gtk Gtk 2.0.4 All All All
Application Gtk Gtk 2.0.5 All All All
Application Gtk Gtk 2.0.6 All All All
Application Gtk Gtk 2.0.7 All All All
Application Gtk Gtk 2.0.8 All All All
Application Gtk Gtk 2.0.9 All All All
Application Gtk Gtk 2.2.1 All All All
Application Gtk Gtk 2.2.3 All All All
Application Gtk Gtk 2.2.4 All All All
Application Gtk Gtk 2.4.0 All All All
Application Gtk Gtk All All All All
Application Gtk Gtk 1.2.8 All All All
Application Gtk Gtk 2.0.0 All All All
Application Gtk Gtk 2.0.1 All All All
Application Gtk Gtk 2.0.18 All All All
Application Gtk Gtk 2.0.2 All All All
Application Gtk Gtk 2.0.3 All All All
Application Gtk Gtk 2.0.4 All All All
Application Gtk Gtk 2.0.5 All All All
Application Gtk Gtk 2.0.6 All All All
Application Gtk Gtk 2.0.7 All All All
Application Gtk Gtk 2.0.8 All All All
Application Gtk Gtk 2.0.9 All All All
Application Gtk Gtk 2.2.1 All All All
Application Gtk Gtk 2.2.3 All All All
Application Gtk Gtk 2.2.4 All All All
Application Gtk Gtk 2.4.0 All All All
Application Gtk Gtk All All All All
Application Gtk Gtk 1.2.8 All All All
Application Gtk Gtk 2.0.0 All All All
Application Gtk Gtk 2.0.1 All All All
Application Gtk Gtk 2.0.18 All All All
Application Gtk Gtk 2.0.2 All All All
Application Gtk Gtk 2.0.3 All All All
Application Gtk Gtk 2.0.4 All All All
Application Gtk Gtk 2.0.5 All All All
Application Gtk Gtk 2.0.6 All All All
Application Gtk Gtk 2.0.7 All All All
Application Gtk Gtk 2.0.8 All All All
Application Gtk Gtk 2.0.9 All All All
Application Gtk Gtk 2.2.1 All All All
Application Gtk Gtk 2.2.3 All All All
Application Gtk Gtk 2.2.4 All All All
Application Gtk Gtk 2.4.0 All All All

References

ReferenceSourceLinkTags
Secunia - Advisories - Fedora update for gdk-pixbuf SECUNIA secunia.com
Secunia - Advisories - Debian update for gtk+2.0 SECUNIA secunia.com Vendor Advisory
Debian -- Security Information -- DSA-911-1 gtk+2.0 DEBIAN www.debian.org
Secunia - Advisories - Red Hat update for gdk-pixbuf SECUNIA secunia.com Vendor Advisory
Secunia - Advisories - Mandriva update for gdk-pixbuf SECUNIA secunia.com Vendor Advisory
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability BID www.securityfocus.com
SecurityFocus FEDORA www.securityfocus.com
Debian -- Security Information -- DSA-913-1 gdk-pixbuf DEBIAN www.debian.org
Secunia - Advisories - Ubuntu update for gtk2-engines-pixbuf / libgdk-pixbuf2 SECUNIA secunia.com Vendor Advisory
support.avaya.com/elmodocs2/security/ASA-2005-229.pdf CONFIRM support.avaya.com
usn/usn-216-1 - Ubuntu Linux UBUNTU www.ubuntu.com
Secunia - Advisories - SUSE update for gtk2/gdk-pixbuf SECUNIA secunia.com Vendor Advisory
SecurityTracker.com Archives - gdk-pixbuf Bugs in Processing XPM Images Let Remote Users Deny Service or Execute Arbitrary Code SECTRACK securitytracker.com
404 Page Not Found | SUSE SUSE www.novell.com
Secunia - Advisories - Gentoo update for gtk+/gdk-pixbuf SECUNIA secunia.com Vendor Advisory
Secunia - Advisories - GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities SECUNIA secunia.com Vendor Advisory
Secunia - Advisories - Fedora update for gtk2 SECUNIA secunia.com Vendor Advisory
Repository / Oval Repository OVAL oval.cisecurity.org
Secunia - Advisories - Red Hat update for gtk2 SECUNIA secunia.com Vendor Advisory
Advisories - Mandriva Linux MANDRIVA www.mandriva.com
Gentoo Linux Documentation -- GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities GENTOO www.gentoo.org
Webmail - OVH VUPEN www.vupen.com Vendor Advisory
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com Patch, Vendor Advisory
Secunia - Advisories - Debian update for gdk-pixbuf SECUNIA secunia.com Vendor Advisory
Secunia - Advisories - Avaya Products GdkPixbuf XPM Image Multiple Vulnerabilities SECUNIA secunia.com Vendor Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

OrganizationPublishedContributorStatement
Red Hat2007-03-14Mark J CoxRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report