CVE-2005-0891
Published 2005-05-02
CVE-2005-0891: Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
Priority P4 · 26 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 3.90% (89.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-7.1 (bookworm) | gdk-pixbuf 0.22.0-7.1 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 0.22.0-7.1 (bookworm) | gdk-pixbuf 0.22.0-7.1 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7.1 | 0.22.0-7.1 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7.1 | 0.22.0-7.1 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7.1 | 0.22.0-7.1 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7.1 | 0.22.0-7.1 |
| gnome | gtk | >= 2.0.0 < 2.2.4 | 2.2.4 |
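CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |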
Ubuntu
GDK vulnerability
vendor_ubuntu·2005-04-06
CVE-2005-0891 GDK vulnerability
Title: GDK vulnerability
Summary: GDK vulnerability
Matthias Clasen discovered a Denial of Service vulnerability in the
BMP image module of gdk. Processing a specially crafted BMP image with
an application using gdk-pixbuf caused an allocated memory block to be
free()'ed twice, leading to a crash of the application. However, it
is believed that this cannot be exploited to execute arbitrary
attacker provided code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-03-26·CVSS 7.5
CVE-2005-0891 [HIGH] security flaw
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
Debian
CVE-2005-0891: gdk-pixbuf - Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers t...
vendor_debian·2005·CVSS 7.5
CVE-2005-0891 [HIGH] CVE-2005-0891: gdk-pixbuf - Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers t...
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 0.22.0-7.1)
bullseye: resolved (fixed in 0.22.0-7.1)
forky: resolved (fixed in 0.22.0-7.1)
sid: resolved (fixed in 0.22.0-7.1)
trixie: resolved (fixed in 0.22.0-7.1)
GHSA
GHSA-f6r7-g7pj-vhjx: Double free vulnerability in gtk 2 (gtk2) before 2
ghsa_unreviewed·2022-05-01
CVE-2005-0891 [MEDIUM] CWE-119 GHSA-f6r7-g7pj-vhjx: Double free vulnerability in gtk 2 (gtk2) before 2
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
OSV
CVE-2005-0891: Double free vulnerability in gtk 2 (gtk2) before 2
osv·2005-05-02·CVSS 7.5
CVE-2005-0891 [HIGH] CVE-2005-0891: Double free vulnerability in gtk 2 (gtk2) before 2
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
No detection rules found.
No public exploits indexed.
References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000958
http://secunia.com/advisories/17657
http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
http://www.redhat.com/support/errata/RHSA-2005-343.html
http://www.redhat.com/support/errata/RHSA-2005-344.html
http://www.securityfocus.com/archive/1/419771/100/0/threaded
http://www.securityfocus.com/bid/12950
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9710
Published: 2005-05-02