Package        : gtk+2.0
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID     : 15428
Debian Bug     : 339431

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2005-2975
Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.
CVE-2005-2976
Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.
CVE-2005-3186
"infamous41md" discovered an integer overflow in the XPM processing routine that can be used to execute arbitrary code via a traditional heap overflow.
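
The integer-overflow-to-heap-overflow pattern named in CVE-2005-2976 and CVE-2005-3186, shown as an unchecked size computation beside a checked one. This is an added example, not code from gdk-pixbuf or from the Debian patch. The function names, the 32-bit size type and the 4-bytes-per-pixel buffer are assumptions; the values line ("width height ncolors chars_per_pixel") is the standard XPM header.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked 32-bit size computation: wraps silently for large dimensions. */
uint32_t naive_rgba_bytes(uint32_t w, uint32_t h)
{
    return w * h * 4u;
}

/* Checked form: 0 and *out on success, -1 if w * h * 4 would wrap. */
int checked_rgba_bytes(uint32_t w, uint32_t h, uint32_t *out)
{
    if (w == 0 || h == 0 || h > UINT32_MAX / 4u / w)
        return -1;
    *out = w * h * 4u;
    return 0;
}

/* Parse "width height ncolors chars_per_pixel" and size the pixel buffer. */
int xpm_values_to_bytes(const char *line, uint32_t *bytes)
{
    uint32_t f[4];
    for (int i = 0; i < 4; i++) {
        char *end;
        unsigned long v;
        while (*line == ' ' || *line == '\t')
            line++;
        if (*line < '0' || *line > '9')      /* no sign, no junk, no EOF */
            return -1;
        errno = 0;
        v = strtoul(line, &end, 10);
        if (errno == ERANGE || v == 0 || v > UINT32_MAX)
            return -1;
        f[i] = (uint32_t)v;
        line = end;
    }
    return checked_rgba_bytes(f[0], f[1], bytes);
}

int main(void)
{
    uint32_t n = 0;
    const char *hdr = "65536 16384 2 1";     /* constructed sample header */
    printf("naive: %u bytes\n", (unsigned)naive_rgba_bytes(65536u, 16384u));
    printf("checked: %d\n", xpm_values_to_bytes(hdr, &n));
    return 0;
}
```

A buffer allocated from the unchecked result is far smaller than the pixel data later written into it, which is how a wrapped size becomes a heap overflow.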
The following matrix explains which versions fix these problems: