CVE-2005-3186: Improper Restriction of Operations within the Bounds of a Memory Buffer in GTK

12 documents, 8 sources
Severity: 7.5 HIGH (NVD)
EPSS: 2.2% (top 15.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 18
Latest update: May 3

Description

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: gnome/gdk-pixbuf < 0.22.0-11+3
NVD: gtk/gtk 2.4.0

Patches

Vulnerability Details (3)

GHSA: GHSA-fmj6-5jhp-f8v9: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2 (2022-05-03)
CVEList: CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2 (2005-11-18)
OSV: CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2 (2005-11-18)

Vendor Advisories (4)

Ubuntu: GDK vulnerabilities (2005-11-16)
Red Hat: security flaw (2005-11-15)
Red Hat: security flaw (2005-11-03)
Debian: CVE-2005-3186: gdk-pixbuf - Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.... (2005)

Community (4)

Bugzilla: CVE-2005-2976 security flaw (2018-08-16)
Bugzilla: CVE-2005-3186 security flaw (2018-08-16)
Bugzilla: CVE-2005-3186 XPM buffer overflow (2005-10-17)
Bugzilla: CVE-2005-3186 XPM buffer overflow (2005-10-17)