Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

Related bugs and status

CVE-2004-0783 (Candidate) is related to these bugs:

Bug #8129: vulnerable to holes fixed by DSA-549-1

Summary				In	Importance	Status
	8129	vulnerable to holes fixed by DSA-549-1		gtk+2.0 (Ubuntu)	High	Invalid
	8129	vulnerable to holes fixed by DSA-549-1		gtk+2.0 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://scary.beasts.or...
FEDORA: FLSA:2005
MANDRAKE: MDKSA-2004:095
MANDRAKE: MDKSA-2004:096
REDHAT: RHSA-2004:447
REDHAT: RHSA-2004:466
CERT-VN: VU#369358
SECUNIA: 17657
SUNALERT: 101776
BID: 11195
MANDRIVA: MDKSA-2005:214
BUGTRAQ: 20040915 CESA-2004-005...
CONECTIVA: CLA-2004:875
XF: gtk-xpm-xpmextractcolo...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
FEDORA: FLSA-2005:155510