CVE-2004-0111
published 2004-04-15
CVE-2004-0111: gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Priority P4 · 11 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS 2.07% (79.1th percentile)
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-3 (bookworm) | gdk-pixbuf 0.22.0-3 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-3 | 0.22.0-3 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-3 | 0.22.0-3 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-3 | 0.22.0-3 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-3 | 0.22.0-3 |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | gdk_pixbuf | — | — |
| redhat | linux_advanced_workstation | — | — |
| sgi | propack | — | — |
| sgi | propack | — | — |
CVSS provenance
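| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |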
GHSA
GHSA-8x87-hc58-vg99: gdk-pixbuf before 0
ghsa_unreviewed·2022-04-29
CVE-2004-0111 [MEDIUM] GHSA-8x87-hc58-vg99: gdk-pixbuf before 0
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
OSV
CVE-2004-0111: gdk-pixbuf before 0
osv·2004-04-15·CVSS 5.0
CVE-2004-0111 [MEDIUM] CVE-2004-0111: gdk-pixbuf before 0
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Red Hat
security flaw
vendor_redhat·2004-03-10·CVSS 5.0
CVE-2004-0111 [MEDIUM] security flaw
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Debian
CVE-2004-0111: gdk-pixbuf - gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via...
vendor_debian·2004·CVSS 5.0
CVE-2004-0111 [MEDIUM] CVE-2004-0111: gdk-pixbuf - gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via...
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Scope: local
bookworm: resolved (fixed in 0.22.0-3)
bullseye: resolved (fixed in 0.22.0-3)
forky: resolved (fixed in 0.22.0-3)
sid: resolved (fixed in 0.22.0-3)
trixie: resolved (fixed in 0.22.0-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0111 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0111 [MEDIUM] CVE-2004-0111 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Bugzilla
CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file
bugzilla·2004-02-26
[MEDIUM] CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file
Thomas Kristensen discovered a bitmap file that would cause the
Evolution mail reader to crash. This issue was caused by a flaw that
affects versions of the gdk-pixbuf package prior to 0.20. To exploit
this a remote attacker could send via email a carefully crafted BMP
file to a victim which would cause Evolution to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0111 to this issue.
Note: In Red Hat Enterprise Linux 3, Evolution does not use the
standalone gdk-pixbuf package and is not subject to this issue,
however other applications that may use gdk-pixbuf are still affected.
Embargoed until March 10 2004
Will upgrade to gdk-pixbuf > 0.20
Discussion:
Note that Evolution
http://www.debian.org/security/2004/dsa-464
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:020
http://www.redhat.com/support/errata/RHSA-2004-102.html
http://www.redhat.com/support/errata/RHSA-2004-103.html
http://www.securityfocus.com/bid/9842
https://bugzilla.fedora.us/show_bug.cgi?id=2005
https://exchange.xforce.ibmcloud.com/vulnerabilities/15426
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A845
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A846
Published: 2004-04-15