CVE-2005-3186
Published 2005-11-18
Priority P4 · 32 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.71% (90.7th percentile)
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-11 (bookworm) | gdk-pixbuf 0.22.0-11 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 0.22.0-11 (bookworm) | gdk-pixbuf 0.22.0-11 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-11 | 0.22.0-11 |
| gnome | gdkpixbuf | — | — |
| gnome | gtk | < 2.8.7 | 2.8.7 |
| gtk | gtk | — | — |
CVSS provenance
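| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.5 | MEDIUM | — |
| vendor_redhat | — | 7.5 | HIGH | — |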
Ubuntu
GDK vulnerabilities
vendor_ubuntu·2005-11-16·CVSS 7.8
CVE-2005-2975 [HIGH] GDK vulnerabilities
Title: GDK vulnerabilities
Summary: GDK vulnerabilities
Two integer overflows have been discovered in the XPM image loader of
the GDK pixbuf library. By tricking a user into opening a specially
crafted XPM image with any Gnome desktop application that uses this
library, this could be exploited to execute arbitrary code with the
privileges of the user running the application.
(CVE-2005-2976, CVE-2005-3186)
Additionally, specially crafted XPM images could cause an endless loop
in the image loader, which could be exploited to cause applications
trying to open that image to hang. (CVE-2005-2975)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-11-15·CVSS 7.5
CVE-2005-2976 [HIGH] security flaw
security flaw
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
security flaw
vendor_redhat·2005-11-03·CVSS 7.5
CVE-2005-3186 [HIGH] security flaw
security flaw
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-3186: gdk-pixbuf - Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4....
vendor_debian·2005·CVSS 7.5
CVE-2005-3186 [HIGH] CVE-2005-3186: gdk-pixbuf - Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4....
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.22.0-11)
bullseye: resolved (fixed in 0.22.0-11)
forky: resolved (fixed in 0.22.0-11)
sid: resolved (fixed in 0.22.0-11)
trixie: resolved (fixed in 0.22.0-11)
Debian
CVE-2005-2976: gdk-pixbuf - Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows at...
vendor_debian·2005·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976: gdk-pixbuf - Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows at...
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Scope: local
bookworm: resolved (fixed in 0.22.0-11)
bullseye: resolved (fixed in 0.22.0-11)
forky: resolved (fixed in 0.22.0-11)
sid: resolved (fixed in 0.22.0-11)
trixie: resolved (fixed in 0.22.0-11)
GHSA
GHSA-fmj6-5jhp-f8v9: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2
ghsa_unreviewed·2022-05-03
CVE-2005-3186 [HIGH] GHSA-fmj6-5jhp-f8v9: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
GHSA
GHSA-9hm7-qmgf-q88w: Integer overflow in io-xpm
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-2976 [HIGH] CWE-190 GHSA-9hm7-qmgf-q88w: Integer overflow in io-xpm
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
OSV
CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2
osv·2005-11-18·CVSS 7.5
CVE-2005-3186 [HIGH] CVE-2005-3186: Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
OSV
CVE-2005-2976: Integer overflow in io-xpm
osv·2005-11-18·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976: Integer overflow in io-xpm
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2976 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-2976 [HIGH] CVE-2005-2976 security flaw
CVE-2005-2976 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2005-3186 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-3186 [HIGH] CVE-2005-3186 security flaw
CVE-2005-3186 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2005-3186 XPM buffer overflow
bugzilla·2005-10-17·CVSS 7.5
CVE-2005-3186 [HIGH] CVE-2005-3186 XPM buffer overflow
CVE-2005-3186 XPM buffer overflow
+++ This bug was initially created as a clone of Bug #171071 +++
iDEFENSE has reported a buffer overflow in the gdk-pixbuf's XPM processor.
(Text taken from the iDEFENSE advisory)
II. DESCRIPTION
Remote exploitation of heap overflow vulnerability in various vendors'
implementations of the GTK+ gdk-pixbuf XPM image rendering library could
allow for arbitrary code execution. iDEFENSE is currently unaware of
exploits for this vulnerability other than those maintained by iDEFENSE
Labs, however exploitation is trivial. Vendor patches for this iDEFENSE
exclusive report are currently unavailable. A workaround has been
provided.
The vulnerability specifically exists due to an integer overflow while
processing XPM files. The following code snippet illustrates
Bugzilla
CVE-2005-3186 XPM buffer overflow
bugzilla·2005-10-17·CVSS 7.5
CVE-2005-3186 [HIGH] CVE-2005-3186 XPM buffer overflow
CVE-2005-3186 XPM buffer overflow
iDEFENSE has reported a buffer overflow in the gdk-pixbuf's XPM processor.
(Text taken from the iDEFENSE advisory)
II. DESCRIPTION
Remote exploitation of heap overflow vulnerability in various vendors'
implementations of the GTK+ gdk-pixbuf XPM image rendering library could
allow for arbitrary code execution. iDEFENSE is currently unaware of
exploits for this vulnerability other than those maintained by iDEFENSE
Labs, however exploitation is trivial. Vendor patches for this iDEFENSE
exclusive report are currently unavailable. A workaround has been
provided.
The vulnerability specifically exists due to an integer overflow while
processing XPM files. The following code snippet illustrates the
vulnerability:
if (n_col = G_MAXINT / (cpp + 1)) {
g_set_err
2005-11-18
Published