CVE-2005-2976
published 2005-11-18
CVE-2005-2976: Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an…
Priority P427 | high | 7.5 | CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.43% (90.2th percentile)
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-11 (bookworm) | gdk-pixbuf 0.22.0-11 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 0.22.0-11 (bookworm) | gdk-pixbuf 0.22.0-11 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdkpixbuf | — | — |
| gnome | gtk | < 2.8.7 | 2.8.7 |
CVSS provenance
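| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.5 | MEDIUM | — |
| vendor_redhat | — | 7.5 | HIGH | — |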
Ubuntu
GDK vulnerabilities
vendor_ubuntu·2005-11-16·CVSS 7.8
CVE-2005-2975 [HIGH] GDK vulnerabilities
Two integer overflows have been discovered in the XPM image loader of
the GDK pixbuf library. By tricking a user into opening a specially
crafted XPM image with any Gnome desktop application that uses this
library, this could be exploited to execute arbitrary code with the
privileges of the user running the application.
(CVE-2005-2976, CVE-2005-3186)
Additionally, specially crafted XPM images could cause an endless loop
in the image loader, which could be exploited to cause applications
trying to open that image to hang. (CVE-2005-2975)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-11-15·CVSS 7.5
CVE-2005-2976 [HIGH] security flaw
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-2976: gdk-pixbuf - Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows at...
vendor_debian·2005·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976: gdk-pixbuf - Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows at...
Scope: local
bookworm: resolved (fixed in 0.22.0-11)
bullseye: resolved (fixed in 0.22.0-11)
forky: resolved (fixed in 0.22.0-11)
sid: resolved (fixed in 0.22.0-11)
trixie: resolved (fixed in 0.22.0-11)
GHSA
GHSA-9hm7-qmgf-q88w: Integer overflow in io-xpm
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-2976 [HIGH] CWE-190 GHSA-9hm7-qmgf-q88w: Integer overflow in io-xpm
OSV
CVE-2005-2976: Integer overflow in io-xpm
osv·2005-11-18·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976: Integer overflow in io-xpm
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2976 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)
bugzilla·2005-10-27·CVSS 7.8
CVE-2005-2975 [HIGH] CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)
These issues were reported by Ludwig Nussel of Suse.
When gdk-pixbuf processes a bad XPM file, it fails to verify that width * height
* colors doesn't cause an integer overflow.
Additionally gdk-pixbuf will enter an infinite loop if the number of colors
provided is very large, but not large enough to cause an integer overflow.
Discussion:
These issues should also affect RHEL2.1 and RHEL3.
---
Created attachment 120473
Patch for the integer overflow
---
Created attachment 120474
Fix for the large color DoS
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution