GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service Vulnerability
BID:12950
Info
| Bugtraq ID: | 12950 |
| Class: | Design Error |
| CVE: | CVE-2005-0891 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2005 12:00AM |
| Updated: | Feb 28 2007 10:05PM |
| Credit: | Discovery is credited to David Costanzo. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
Turbolinux Home
SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SuSE Linux 7.3 sparc
SuSE Linux 7.3 ppc
SuSE Linux 7.3 i386
SuSE Linux 7.3
SuSE Linux 7.2 i386
SuSE Linux 7.2
SuSE Linux 7.1 x86
SuSE Linux 7.1 sparc
SuSE Linux 7.1 ppc
SuSE Linux 7.1 alpha
SuSE Linux 7.1
SuSE Linux 7.0 sparc
SuSE Linux 7.0 ppc
SuSE Linux 7.0 i386
SuSE Linux 7.0 alpha
SuSE Linux 7.0
SuSE Linux 6.4 ppc
SuSE Linux 6.4 i386
SuSE Linux 6.4 alpha
SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
SuSE Linux 6.2
SuSE Linux 6.1 alpha
SuSE Linux 6.1
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Redhat Linux 9.0 i386
Redhat Linux 7.3 i386
Redhat Fedora Core3
Redhat Fedora Core2
Redhat Fedora Core1
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Desktop 4.0
Redhat Desktop 3.0
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GTK GTK+ 2.4.14
GNOME GdkPixbuf 0.22 |
| Not Vulnerable: | |
Discussion
The gdk-pixbuf library is reported prone to a denial-of-service vulnerability. This issue arises due to a double-free condition.
Reportedly, this vulnerability presents itself when an application that is linked against the library handles malformed bitmap (.bmp) image files.
A successful attack may result in a denial-of-service condition. It is not confirmed whether this vulnerability could be leveraged to execute arbitrary code.
The gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this issue. Other versions are likely affected as well.
This BID will be updated when more information becomes available.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Please see the referenced advisories for more information.
Turbolinux Turbolinux 10 F...
- Turbolinux gdk-pixbuf-0.22.0-6.i586.rpm
  Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-0.22.0-6.i586.rpm
- Turbolinux gdk-pixbuf-devel-0.22.0-6.i586.rpm
  Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-6.i586.rpm
GNOME GdkPixbuf 0.22
- Fedora gdk-pixbuf-0.22.0-12.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-0.22.0-12.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-0.22.0-16.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-0.22.0-16.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-debuginfo-0.22.0-12.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-debuginfo-0.22.0-12.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-debuginfo-0.22.0-16.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-debuginfo-0.22.0-16.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-devel-0.22.0-12.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-devel-0.22.0-12.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-devel-0.22.0-16.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-devel-0.22.0-16.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-gnome-0.22.0-12.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-gnome-0.22.0-12.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gdk-pixbuf-gnome-0.22.0-16.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gdk-pixbuf-gnome-0.22.0-16.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Mandrake gdk-pixbuf-loaders-0.22.0-2.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake gdk-pixbuf-loaders-0.22.0-2.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake gdk-pixbuf-loaders-0.22.0-2.3.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake gdk-pixbuf-loaders-0.22.0-2.3.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake gdk-pixbuf-loaders-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake gdk-pixbuf-loaders-0.22.0-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-gnomecanvas1-0.22.0-2.3.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-gnomecanvas1-0.22.0-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-xlib2-0.22.0-2.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-xlib2-0.22.0-2.3.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf-xlib2-0.22.0-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-0.22.0-2.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-0.22.0-2.3.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-0.22.0-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-devel-0.22.0-2.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-devel-0.22.0-2.3.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64gdk-pixbuf2-devel-0.22.0-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-gnomecanvas1-0.22.0-2.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-gnomecanvas1-0.22.0-2.3.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-gnomecanvas1-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-gnomecanvas1-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-xlib2-0.22.0-2.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-xlib2-0.22.0-2.3.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-xlib2-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf-xlib2-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-0.22.0-2.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-0.22.0-2.3.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-devel-0.22.0-2.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-devel-0.22.0-2.3.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libgdk-pixbuf2-devel-0.22.0-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
Turbolinux Turbolinux Server 10.0
- Turbolinux gdk-pixbuf-0.22.0-6.i586.rpm
  Turbolinux 10 Server
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gdk-pixbuf-0.22.0-6.i586.rpm
- Turbolinux gdk-pixbuf-devel-0.22.0-6.i586.rpm
  Turbolinux 10 Server
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-6.i586.rpm
Turbolinux Turbolinux Desktop 10.0
- Turbolinux gdk-pixbuf-0.22.0-6.i586.rpm
  Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-0.22.0-6.i586.rpm
- Turbolinux gdk-pixbuf-devel-0.22.0-6.i586.rpm
  Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gdk-pixbuf-devel-0.22.0-6.i586.rpm
GTK GTK+ 2.4.14
- Fedora gtk2-2.4.14-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-2.4.14-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-2.4.14-3.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gtk2-2.4.14-3.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gtk2-debuginfo-2.4.14-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-debuginfo-2.4.14-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-debuginfo-2.4.14-3.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gtk2-debuginfo-2.4.14-3.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gtk2-devel-2.4.14-2.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-devel-2.4.14-2.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora gtk2-devel-2.4.14-3.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora gtk2-devel-2.4.14-3.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Ubuntu Ubuntu Linux 4.1 ia32
- Ubuntu libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_i386.deb
- Ubuntu libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_i386.deb
- Ubuntu libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_i386.deb
- Ubuntu libgdk-pixbuf2_0.22.0-7ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_i386.deb
Ubuntu Ubuntu Linux 4.1 ia64
- Ubuntu libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_amd64.deb
- Ubuntu libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_amd64.deb
- Ubuntu libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_amd64.deb
- Ubuntu libgdk-pixbuf2_0.22.0-7ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_amd64.deb
Ubuntu Ubuntu Linux 4.1 ppc
- Ubuntu libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_powerpc.deb
- Ubuntu libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_powerpc.deb
- Ubuntu libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_powerpc.deb
- Ubuntu libgdk-pixbuf2_0.22.0-7ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_powerpc.deb
References
References:
- CLSA-2005:958 : gdk-pixbuf (Conectiva)
- RHSA-2005:343-03 - gdk-pixbuf security update (RedHat)
- RHSA-2005:344-03 - gtk2 security update (RedHat)