CVE-2004-0753
published 2004-10-20
CVE-2004-0753: The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a…
Priority: P4 · 17 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 5.92% (92.3th percentile)
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-7 (bookworm) | gdk-pixbuf 0.22.0-7 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gtk | >= 2.0.0 < 2.2.4 | 2.2.4 |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 MEDIUM
vendor_debian · 5.0 MEDIUM
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-wjgf-crrq-vg9c: The BMP image processor for (1) gdk-pixbuf before 0
ghsa_unreviewed·2022-04-29
CVE-2004-0753 [MEDIUM] CWE-835 GHSA-wjgf-crrq-vg9c: The BMP image processor for (1) gdk-pixbuf before 0
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
OSV
CVE-2004-0753: The BMP image processor for (1) gdk-pixbuf before 0
osv·2004-10-20·CVSS 5.0
CVE-2004-0753 [MEDIUM] CVE-2004-0753: The BMP image processor for (1) gdk-pixbuf before 0
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Red Hat
security flaw
vendor_redhat·2004-08-20·CVSS 5.0
CVE-2004-0753 [MEDIUM] security flaw
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Debian
CVE-2004-0753: gdk-pixbuf - The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4...
vendor_debian·2004·CVSS 5.0
CVE-2004-0753 [MEDIUM] CVE-2004-0753: gdk-pixbuf - The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4...
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Scope: local
bookworm: resolved (fixed in 0.22.0-7)
bullseye: resolved (fixed in 0.22.0-7)
forky: resolved (fixed in 0.22.0-7)
sid: resolved (fixed in 0.22.0-7)
trixie: resolved (fixed in 0.22.0-7)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0753 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0753 [MEDIUM] CVE-2004-0753 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Bugzilla
CAN-2004-0753,0782,0783,0788, CAN-2005-0891 gtk vulnerabilities
bugzilla·2005-04-20
[MEDIUM] CAN-2004-0753,0782,0783,0788, CAN-2005-0891 gtk vulnerabilities
+++ This bug was initially created as a clone of Bug #152317 +++
A BMP image with no palette can cause a double free condition in gtk2's
gdk-pixbuf BMP processing code.
For more information see:
http://bugzilla.gnome.org/show_bug.cgi?id=171707
See bug 152317 and bug 152318
Discussion:
Must be based on gtk2 packages in updates-testing.
---
Packages to fix the gdk-pixbuf problem; FC2 update was already released.
RHL9 and FC1 use the RHEL3 patch, RHL73 required backporting.
Unfortunately, the packages are not signed. Note that RHL73 has not
been compile-tested.
http://staff.csc.fi/psavola/fl/gtk2-2.0.2-4.1.legacy.2.src.rpm (RHL73)
http://staff.csc.fi/psavola/fl/gtk2-2.2.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875
http://secunia.com/advisories/17657
http://www.debian.org/security/2004/dsa-546
http://www.kb.cert.org/vuls/id/825374
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095
http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
http://www.redhat.com/support/errata/RHSA-2004-447.html
http://www.redhat.com/support/errata/RHSA-2004-466.html
http://www.securityfocus.com/archive/1/419771/100/0/threaded
http://www.securityfocus.com/bid/11195
https://bugzilla.fedora.us/show_bug.cgi?id=2005
https://exchange.xforce.ibmcloud.com/vulnerabilities/17383
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10585
2004-10-20
Published