CVE-2005-3186

- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-811.NASL
- description: Updated gtk2 packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20238
- published: 2005-11-21
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/20238
- title: RHEL 3 / 4 : gtk2 (RHSA-2005:811)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:811. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20238);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-2975", "CVE-2005-3186");
  script_xref(name:"RHSA", value:"2005:811");

  script_name(english:"RHEL 3 / 4 : gtk2 (RHSA-2005:811)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated gtk2 packages that fix two security issues are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The gtk2 package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker
could create a carefully crafted XPM file in such a way that it could
cause an application linked with gtk2 to execute arbitrary code when
the file was opened by a victim. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the
way gtk2 processes XPM images. An attacker could create a carefully
crafted XPM file in such a way that it could cause an application
linked with gtk2 to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-2975"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:811"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gtk2 and / or gtk2-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gtk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gtk2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:811";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"gtk2-2.2.4-19")) flag++;
  if (rpm_check(release:"RHEL3", reference:"gtk2-devel-2.2.4-19")) flag++;

  if (rpm_check(release:"RHEL4", reference:"gtk2-2.4.13-18")) flag++;
  if (rpm_check(release:"RHEL4", reference:"gtk2-devel-2.4.13-18")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gtk2 / gtk2-devel");
  }
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2005-214.NASL
- description: A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. This allows an attacker to provide a carefully crafted XPM image which could possibly allow for arbitrary code execution in the context of the user viewing the image. (CVE-2005-3186) Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. (CVE-2005-2976) Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. (CVE-2005-2975) The gtk+2.0 library also contains the same gdk-pixbuf code with the same vulnerability. The Corporate Server 2.1 packages have additional patches to address CVE-2004-0782,0783,0788 (additional XPM/ICO image issues), CVE-2004-0753 (BMP image issues) and CVE-2005-0891 (additional BMP issues). These were overlooked on this platform with earlier updates. The updated packages have been patched to correct these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20446
- published: 2006-01-15
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20446
- title: Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:214)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:214.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(20446);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2004-0753", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0788", "CVE-2005-0891", "CVE-2005-2975", "CVE-2005-2976", "CVE-2005-3186");
  script_xref(name:"MDKSA", value:"2005:214");

  script_name(english:"Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:214)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image
rendering library could allow for arbitrary code execution. This
allows an attacker to provide a carefully crafted XPM image which
could possibly allow for arbitrary code execution in the context of
the user viewing the image. (CVE-2005-3186)

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. (CVE-2005-2976)

Ludwig Nussel also discovered an infinite-loop denial of service bug
in the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file
was opened by a victim. (CVE-2005-2975)

The gtk+2.0 library also contains the same gdk-pixbuf code with the
same vulnerability.

The Corporate Server 2.1 packages have additional patches to address
CVE-2004-0782,0783,0788 (additional XPM/ICO image issues),
CVE-2004-0753 (BMP image issues) and CVE-2005-0891 (additional BMP
issues). These were overlooked on this platform with earlier updates.

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdk-pixbuf-loaders");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gtk+2.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-gnomecanvas1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk-pixbuf-xlib2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk-pixbuf2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gdk_pixbuf2.0_0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gtk+-x11-2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gtk+2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gtk+2.0_0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk-pixbuf-gnomecanvas1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk-pixbuf-xlib2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk-pixbuf2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk-pixbuf2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgdk_pixbuf2.0_0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtk+-x11-2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtk+2.0_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgtk+2.0_0-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK10.2", reference:"gdk-pixbuf-loaders-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"gtk+2.0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk-pixbuf-gnomecanvas1-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk-pixbuf-xlib2-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk-pixbuf2-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk-pixbuf2-devel-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk_pixbuf2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gdk_pixbuf2.0_0-devel-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gtk+-x11-2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gtk+2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64gtk+2.0_0-devel-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk-pixbuf-gnomecanvas1-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk-pixbuf-xlib2-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk-pixbuf2-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk-pixbuf2-devel-0.22.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk_pixbuf2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgdk_pixbuf2.0_0-devel-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgtk+-x11-2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgtk+2.0_0-2.6.4-2.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libgtk+2.0_0-devel-2.6.4-2.2.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", reference:"gdk-pixbuf-loaders-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"gtk+2.0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk-pixbuf-gnomecanvas1-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk-pixbuf-xlib2-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk-pixbuf2-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk-pixbuf2-devel-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk_pixbuf2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gdk_pixbuf2.0_0-devel-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gtk+-x11-2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gtk+2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64gtk+2.0_0-devel-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk-pixbuf-gnomecanvas1-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk-pixbuf-xlib2-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk-pixbuf2-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk-pixbuf2-devel-0.22.0-8.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk_pixbuf2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgdk_pixbuf2.0_0-devel-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgtk+-x11-2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgtk+2.0_0-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libgtk+2.0_0-devel-2.8.3-4.2.20060mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-810.NASL
- description: Updated gdk-pixbuf packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21866
- published: 2006-07-03
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21866
- title: CentOS 3 / 4 : gdk-pixbuf (CESA-2005:810)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:810 and
# CentOS Errata and Security Advisory 2005:810 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21866);
  script_version("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2005-2975", "CVE-2005-2976", "CVE-2005-3186");
  script_xref(name:"RHSA", value:"2005:810");

  script_name(english:"CentOS 3 / 4 : gdk-pixbuf (CESA-2005:810)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated gdk-pixbuf packages that fix several security issues are now
available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a way that
it could cause an application linked with gdk-pixbuf to execute
arbitrary code when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf
processes XPM images. An attacker could create a carefully crafted XPM
file in such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code or crash when the file was opened
by a victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug
in the way gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause an
application linked with gdk-pixbuf to stop responding when the file
was opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages,
which contain backported patches and are not vulnerable to these
issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012418.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?98f607e3"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012419.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c2237dd5"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012424.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9ab09d8d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012425.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9ace97f5"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012426.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5d0c0607"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012428.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cc62c452"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gdk-pixbuf packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gdk-pixbuf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gdk-pixbuf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gdk-pixbuf-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"gdk-pixbuf-0.22.0-13.el3.3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"gdk-pixbuf-devel-0.22.0-13.el3.3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"gdk-pixbuf-gnome-0.22.0-13.el3.3")) flag++;

if (rpm_check(release:"CentOS-4", reference:"gdk-pixbuf-0.22.0-17.el4.3")) flag++;
if (rpm_check(release:"CentOS-4", reference:"gdk-pixbuf-devel-0.22.0-17.el4.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdk-pixbuf / gdk-pixbuf-devel / gdk-pixbuf-gnome");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-1086.NASL
- description: The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20230
- published: 2005-11-21
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20230
- title: Fedora Core 3 : gdk-pixbuf-0.22.0-16.fc3.3 (2005-1086)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-1085.NASL
- description: The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20229
- published: 2005-11-21
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20229
- title: Fedora Core 4 : gdk-pixbuf-0.22.0-18.fc4.2 (2005-1085)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE9_10558.NASL
- description: This update fixes the following security problem: a heap overflow in the XPM reader allowed attackers to execute arbitrary code via specially crafted XPM images. (CVE-2005-3186, CVE-2005-2975, CVE-2005-2976)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41084
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41084
- title: SuSE9 Security Update : gdk-pixbuf (YOU Patch Number 10558)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-1087.NASL
- description: The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20231
- published: 2005-11-21
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20231
- title: Fedora Core 3 : gtk2-2.4.14-4.fc3.3 (2005-1087)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-911.NASL
- description: Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file.
  - CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file.
  - CVE-2005-3186
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22777
- published: 2006-10-14
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/22777
- title: Debian DSA-911-1 : gtk+2.0 - several vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-1088.NASL
- description: The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images.
An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20232 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20232 title Fedora Core 4 : gtk2-2.6.10-2.fc4.4 (2005-1088) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-811.NASL description Updated gtk2 packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. 
The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21867 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21867 title CentOS 3 / 4 : gtk2 (CESA-2005:811) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-216-1.NASL description Two integer overflows have been discovered in the XPM image loader of the GDK pixbuf library. By tricking an user into opening a specially crafted XPM image with any Gnome desktop application that uses this library, this could be exploited to execute arbitrary code with the privileges of the user running the application. (CVE-2005-2976, CVE-2005-3186) Additionally, specially crafted XPM images could cause an endless loop in the image loader, which could be exploited to cause applications trying to open that image to hang. (CVE-2005-2975). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20634 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20634 title Ubuntu 4.10 / 5.04 / 5.10 : gtk+2.0, gdk-pixbuf vulnerabilities (USN-216-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-810.NASL description Updated gdk-pixbuf packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20237 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20237 title RHEL 2.1 / 3 / 4 : gdk-pixbuf (RHSA-2005:810) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-913.NASL description Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ GdkPixBuf XPM image rendering library. 
The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to cause a denial of service via a specially crafted XPM file. - CVE-2005-2976 Ludwig Nussel discovered an integer overflow in the way XPM images are processed that could lead to the execution of arbitrary code or crash the application via a specially crafted XPM file. - CVE-2005-3186 last seen 2020-06-01 modified 2020-06-02 plugin id 22779 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22779 title Debian DSA-913-1 : gdk-pixbuf - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_065.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:065 (gtk2, gdk-pixbuf). The image loading library of the gdk-pixbug/gtk2 package is vulnerable to several security-related bugs. This makes every application (mostly GNOME applications) which is linked against this library vulnerable too. A carefully crafted XPM file can be used to execute arbitrary code while processing the image file. (CVE-2005-3186) Additionally Ludwig Nussel from the SuSE Security-Team discovered an integer overflow bug that can be used to execute arbitrary code too (CVE-2005-2976), and an infinite loop which leads to a denial of service bug. (CVE-2005-2975) last seen 2019-10-28 modified 2005-11-21 plugin id 20239 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/20239 title SUSE-SA:2005:065: gtk2, gdk-pixbuf NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200511-14.NASL description The remote host is affected by the vulnerability described in GLSA-200511-14 (GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities) iDEFENSE reported a possible heap overflow in the XPM loader (CVE-2005-3186). Upon further inspection, Ludwig Nussel discovered two additional issues in the XPM processing functions : an integer overflow (CVE-2005-2976) that affects only gdk-pixbuf, and an infinite loop (CVE-2005-2975). Impact : Using a specially crafted XPM image an attacker could cause an affected application to enter an infinite loop or trigger the overflows, potentially allowing the execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20235 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20235 title GLSA-200511-14 : GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities
Oval
accepted | 2013-04-29T04:19:50.690-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. |
family | unix |
id | oval:org.mitre.oval:def:9503 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. |
version | 26 |
Redhat
advisories |
rpms |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt
- http://secunia.com/advisories/17522
- http://secunia.com/advisories/17538
- http://secunia.com/advisories/17562
- http://secunia.com/advisories/17588
- http://secunia.com/advisories/17591
- http://secunia.com/advisories/17592
- http://secunia.com/advisories/17594
- http://secunia.com/advisories/17615
- http://secunia.com/advisories/17657
- http://secunia.com/advisories/17710
- http://secunia.com/advisories/17770
- http://secunia.com/advisories/17791
- http://secunia.com/advisories/18509
- http://securityreason.com/securityalert/188
- http://securitytracker.com/id?1015216
- http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
- http://www.debian.org/security/2005/dsa-911
- http://www.debian.org/security/2005/dsa-913
- http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml
- http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
- http://www.novell.com/linux/security/advisories/2005_65_gtk2.html
- http://www.redhat.com/support/errata/RHSA-2005-810.html
- http://www.redhat.com/support/errata/RHSA-2005-811.html
- http://www.securityfocus.com/archive/1/428052/100/0/threaded
- http://www.securityfocus.com/bid/15435
- http://www.ubuntu.com/usn/usn-216-1
- http://www.vupen.com/english/advisories/2005/2433
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9503