gdk-pixbuf (0.22.0-7ubuntu2.1) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS.
  * Fix integer overflow in XPM loader:
    - gdk-pixbuf/io-xpm.c, pixbuf_create_from_xpm(): Check n_col for integer
      overflow before allocating memory.
    - XPMs with specially crafted number of colors can lead to buffer overflow
      and arbitrary code execution.
    - CVE-2005-3186
  * Fix another integer overflow in XPM loader:
    - gdk-pixbuf/io-xpm.c, pixbuf_create_from_xpm(): Use gdk_pixbuf_new()
      instead of low-level allocation since the latter did not check for
      integer overflows (width * height * number of colors).
    - CVE-2005-2976
  * Fix endless loop in XPM loader:
    - gdk-pixbuf/io-xpm.c, file_buffer(): Avoid endless loop with specially
      crafted number of colors.
    - CVE-2005-2975

 -- Martin Pitt <email address hidden>  Wed, 16 Nov 2005 11:14:03 +0000
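
The class of check the first two entries describe, as an added example that is not the gdk-pixbuf patch or any code from that project: a size computed from untrusted header fields is validated before it reaches the allocator. The struct, function names and sample values are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical colour-table entry; not the gdk-pixbuf structure. */
typedef struct { char *name; uint32_t rgba; int transparent; } color_entry;

/* What an unchecked count * size does when size_t is 32 bits wide. */
uint32_t unchecked_size32(uint32_t count, uint32_t elem_size) {
    return count * elem_size;              /* silently wraps modulo 2^32 */
}

/* Store a * b in *out; return false if the product does not fit in size_t. */
bool mul_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Allocate a table for n_col colours parsed from an untrusted header. */
color_entry *alloc_color_table(long n_col) {
    size_t bytes;
    if (n_col <= 0 || !mul_checked((size_t)n_col, sizeof(color_entry), &bytes))
        return NULL;                       /* reject instead of under-allocating */
    return malloc(bytes);
}

/* Size of a buffer computed from three header fields, each step checked. */
bool image_bytes(long width, long height, long n, size_t *out) {
    size_t t;
    if (width <= 0 || height <= 0 || n <= 0)
        return false;
    return mul_checked((size_t)width, (size_t)height, &t) &&
           mul_checked(t, (size_t)n, out);
}

int main(void) {
    size_t sz = 0;
    /* Constructed input: a count chosen so that count * 16 wraps to 16. */
    printf("unchecked 32-bit size: %u\n", (unsigned)unchecked_size32(0x10000001u, 16u));
    printf("checked table alloc:   %s\n", alloc_color_table(LONG_MAX) ? "ok" : "rejected");
    if (image_bytes(640, 480, 4, &sz))
        printf("640x480x4 bytes:       %zu\n", sz);
    return 0;
}
```

The wrapped value is the dangerous case: the allocation succeeds with a tiny buffer while later loops still iterate over the full attacker-supplied count.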