cvelistv5 - cve-2005-2976

CVE-2005-2976 (GCVE-0-2005-2976)

Vulnerability from cvelistv5

Published

2005-11-18 11:00

Modified

2024-08-07 22:53

Severity ?

CWE

Summary

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

References

URL

Tags

	http://www.novell.com/linux/security/advisories/2005_65_gtk2.html	vendor-advisory, x_refsource_SUSE
	http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/17710	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/428052/100/0/threaded	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2005/dsa-911	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/17562	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/17615	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/17522	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2005/2433	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2005/dsa-913	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/17538	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-216-1	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDKSA-2005:214	vendor-advisory, x_refsource_MANDRIVA
	http://securitytracker.com/id?1015216	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/15428	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/17770	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/17594	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/17592	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/17791	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11370	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/17657	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2005-810.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:29.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2005:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_65_gtk2.html"
          },
          {
            "name": "GLSA-200511-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml"
          },
          {
            "name": "17710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17710"
          },
          {
            "name": "FLSA:173274",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428052/100/0/threaded"
          },
          {
            "name": "DSA-911",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-911"
          },
          {
            "name": "17562",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17562"
          },
          {
            "name": "17615",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17615"
          },
          {
            "name": "17522",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17522"
          },
          {
            "name": "ADV-2005-2433",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2433"
          },
          {
            "name": "DSA-913",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-913"
          },
          {
            "name": "17538",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17538"
          },
          {
            "name": "USN-216-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-216-1"
          },
          {
            "name": "MDKSA-2005:214",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
          },
          {
            "name": "1015216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015216"
          },
          {
            "name": "15428",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15428"
          },
          {
            "name": "17770",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17770"
          },
          {
            "name": "17594",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17594"
          },
          {
            "name": "17592",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17592"
          },
          {
            "name": "17791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17791"
          },
          {
            "name": "oval:org.mitre.oval:def:11370",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11370"
          },
          {
            "name": "17657",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17657"
          },
          {
            "name": "RHSA-2005:810",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-810.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SA:2005:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_65_gtk2.html"
        },
        {
          "name": "GLSA-200511-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml"
        },
        {
          "name": "17710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17710"
        },
        {
          "name": "FLSA:173274",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/428052/100/0/threaded"
        },
        {
          "name": "DSA-911",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-911"
        },
        {
          "name": "17562",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17562"
        },
        {
          "name": "17615",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17615"
        },
        {
          "name": "17522",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17522"
        },
        {
          "name": "ADV-2005-2433",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2433"
        },
        {
          "name": "DSA-913",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-913"
        },
        {
          "name": "17538",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17538"
        },
        {
          "name": "USN-216-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-216-1"
        },
        {
          "name": "MDKSA-2005:214",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
        },
        {
          "name": "1015216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015216"
        },
        {
          "name": "15428",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15428"
        },
        {
          "name": "17770",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17770"
        },
        {
          "name": "17594",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17594"
        },
        {
          "name": "17592",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17592"
        },
        {
          "name": "17791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17791"
        },
        {
          "name": "oval:org.mitre.oval:def:11370",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11370"
        },
        {
          "name": "17657",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17657"
        },
        {
          "name": "RHSA-2005:810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-810.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-2976",
    "datePublished": "2005-11-18T11:00:00.000Z",
    "dateReserved": "2005-09-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T22:53:29.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2005-AVI-461

Vulnerability from certfr_avis

Un utilisateur mal intentionné peut concevoir un fichier graphique au format XPM volontairement mal formé qui provoquera, lors de sa visualisation par une victime, l'exécution de code arbitraire ou un déni de service.

Description

GTK+2 est disponible pour tout système Unix utilisant X Window mais également pour les systèmes Microsoft Windows ou le moteur de rendu graphique DirectFB pour Linux.

XPM est un format d'image utilisé en particulier pour les icônes. Une mauvaise gestion d'une allocation mémoire peut permettre l'exécution de code arbitraire avec les privilèges de l'utilisateur courant. Des navigateurs, clients de messagerie,...utilisant GTK+2 avec certains systèmes d'exploitation (Firefox sous Linux, Sylpheed sous Unix comme Windows,...), l'exécution de code à distance est alors possible au moyen de messages, sites web,...malicieux.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

Tout système utilisant la boîte à outils graphique GTK+2 ou la bibliothèque Gdk-Pixbuf pour afficher certaines images.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité iDefense du 15 novembre 2005	None	vendor-advisory
Bulletin de sécurité Mandriva MDKSA-2005:214 du 18 novembre 2005 :	-	other
Mise à jour de sécurité Fedora Core 3 (gdk-pixbuf et gtk2) du 15 novembre 2005 :	-	other
Bulletin de sécurité RedHat RHSA-2005:810 du 15 novembre 2005 :	-	other
Bulletin de sécurité Gentoo GLSA 200511-14 du 16 novembre 2005 :	-	other
Mise à jour de sécurité Fedora Core 4 du (gdk-pixbuf et gtk2) 15 novembre 2005 :	-	other
Bulletin de sécurité Gentoo GLSA-200511-14 du 16 novembre 2005 :	-	other
Bulletin de sécurité Ubuntu USN-216-1 du 16 novembre 2005 :	-	other
Bulletin de sécurité SUSE SuSE-SA:2005:065 du 16 novembre 2005 :	-	other
Bulletin de sécurité Debian DSA-913 du 01 décembre 2005 :	-	other
Bulletin de sécurité Debian DSA-911 du 29 novembre 2005 :	-	other
Bulletin de sécurité RedHat RHSA-2005:811 du 15 novembre 2005 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eTout syst\u00e8me utilisant la bo\u00eete \u00e0 outils graphique  \u003cTT\u003eGTK+2\u003c/TT\u003e ou la biblioth\u00e8que \u003cTT\u003eGdk-Pixbuf\u003c/TT\u003e pour  afficher certaines images.\u003c/P\u003e",
  "content": "## Description\n\nGTK+2 est disponible pour tout syst\u00e8me Unix utilisant X Window mais\n\u00e9galement pour les syst\u00e8mes Microsoft Windows ou le moteur de rendu\ngraphique DirectFB pour Linux.\n\nXPM est un format d\u0027image utilis\u00e9 en particulier pour les ic\u00f4nes. Une\nmauvaise gestion d\u0027une allocation m\u00e9moire peut permettre l\u0027ex\u00e9cution de\ncode arbitraire avec les privil\u00e8ges de l\u0027utilisateur courant. Des\nnavigateurs, clients de messagerie,...utilisant GTK+2 avec certains\nsyst\u00e8mes d\u0027exploitation (Firefox sous Linux, Sylpheed sous Unix comme\nWindows,...), l\u0027ex\u00e9cution de code \u00e0 distance est alors possible au moyen\nde messages, sites web,...malicieux.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-3186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3186"
    },
    {
      "name": "CVE-2005-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2976"
    },
    {
      "name": "CVE-2005-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2975"
    }
  ],
  "initial_release_date": "2005-11-17T00:00:00",
  "last_revision_date": "2005-12-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:214 du 18 novembre    2005 :",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:214"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 3 (gdk-pixbuf et gtk2)    du 15 novembre 2005 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:810 du 15 novembre    2005 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-810.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200511-14 du 16 novembre    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 4 du (gdk-pixbuf et    gtk2) 15 novembre 2005 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200511-14 du 16 novembre    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-216-1 du 16 novembre 2005 :",
      "url": "http://www.ubuntulinux.org/usn/usn-216-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SuSE-SA:2005:065 du 16 novembre    2005 :",
      "url": "http://www.novell.com/linux/security/advisories/2005_65_gtk2.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-913 du 01 d\u00e9cembre 2005 :",
      "url": "http://www.debian.org/security/2005/dsa-913"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-911 du 29 novembre 2005 :",
      "url": "http://www.debian.org/security/2005/dsa-911"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:811 du 15 novembre    2005 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-811.html"
    }
  ],
  "reference": "CERTA-2005-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-11-17T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva et Gentoo.",
      "revision_date": "2005-11-21T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian DSA-911.",
      "revision_date": "2005-11-29T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian DSA-913.",
      "revision_date": "2005-12-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire, \u00e9ventuellement \u00e0 distance"
    }
  ],
  "summary": "Un utilisateur mal intentionn\u00e9 peut concevoir un fichier graphique au\nformat XPM volontairement mal form\u00e9 qui provoquera, lors de sa\nvisualisation par une victime, l\u0027ex\u00e9cution de code arbitraire ou un d\u00e9ni\nde service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des bliblioth\u00e8ques graphiques GTK+2 et Gdk-Pixbuf",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 15 novembre 2005",
      "url": "http://www.idefense.com/application/poi/display?id=339"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-2976 (GCVE-0-2005-2976)

Vulnerability from cvelistv5

CERTA-2005-AVI-461

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature