Upstream information

CVE-2005-3186 at MITRE

Description

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 7.5
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entry: 129642 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SuSE Linux Desktop 1.0
  • gtk2 >= 2.2.1-106
  • gtk2-devel >= 2.2.1-106
core9.x86-64
core9.s390
slox4,2.x86
YOU Patch Nr: 10563
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • gtk2 >= 2.0.6-157
  • gtk2-devel >= 2.0.6-157
core9.x86-64
core9.s390
slox4,2.x86
YOU Patch Nr: 10563
Novell Linux Desktop 9 for x86
  • gtk2 >= 2.4.14-0.8
  • gtk2-devel >= 2.4.14-0.8
core9.x86-64
core9.s390
slox4,2.x86
YOU Patch Nr: 10563
Novell Linux Desktop 9 for x86_64
  • gtk2 >= 2.4.14-0.8
  • gtk2-32bit >= 9-200511031328
  • gtk2-devel >= 2.4.14-0.8
core9.x86-64
core9.s390
slox4,2.x86
YOU Patch Nr: 10563
Open Enterprise Server
  • gtk2 >= 2.2.4-125.10
  • gtk2-devel >= 2.2.4-125.10
core9.x86-64
core9.s390
slox4,2.x86
YOU Patch Nr: 10563
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • gdk-pixbuf >= 0.18.0-615
  • gdk-pixbuf-devel >= 0.18.0-615
core9.ppc
core9.s390
slox4,2.x86
core9.x86-64
sles9-oes.x86
core9.ia64
YOU Patch Nr: 10558
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • gdk-pixbuf >= 0.22.0-62.13
  • gdk-pixbuf-devel >= 0.22.0-62.13
core9.ppc
core9.s390
slox4,2.x86
core9.x86-64
sles9-oes.x86
core9.ia64
YOU Patch Nr: 10558
SUSE LINUX 10.0
  • gtk2 >= 2.8.3-4.3
  • gtk2-32bit >= 2.8.3-4.3
  • gtk2-64bit >= 2.8.3-4.3
  • gtk2-devel >= 2.8.3-4.3
SuSE Linux 9.0 for IA32
  • gtk2 >= 2.2.3-57
  • gtk2-devel >= 2.2.3-57
SuSE Linux 9.0 for AMD64
  • gtk2 >= 2.2.3-57
  • gtk2-32bit >= 9.0-5
  • gtk2-devel >= 2.2.3-57
SUSE LINUX 9.1 for IA32
  • gtk2 >= 2.2.4-125.10
  • gtk2-devel >= 2.2.4-125.10
SUSE LINUX 9.1 for x86-64
  • gtk2 >= 2.2.4-125.10
  • gtk2-32bit >= 9.1-200511022036
  • gtk2-devel >= 2.2.4-125.10
SUSE LINUX 9.2
  • gtk2 >= 2.4.9-10.3
  • gtk2-32bit >= 9.2-200511030547
  • gtk2-devel >= 2.4.9-10.3
SUSE LINUX 9.3
  • gtk2 >= 2.6.4-6.3
  • gtk2-32bit >= 9.3-7.1
  • gtk2-devel >= 2.6.4-6.3
SuSE Linux Desktop 1.0
  • gdk-pixbuf >= 0.18.0-615
Builds
SUSE LINUX 10.0
  • gdk-pixbuf >= 0.22.0-72.3
  • gdk-pixbuf-32bit >= 0.22.0-72.3
  • gdk-pixbuf-64bit >= 0.22.0-72.3
  • gdk-pixbuf-devel >= 0.22.0-72.3
SuSE Linux 9.0 for AMD64
SuSE Linux 9.0 for IA32
  • gdk-pixbuf >= 0.18.0-615
  • gdk-pixbuf-devel >= 0.18.0-615
SUSE LINUX 9.1 for IA32
SUSE LINUX 9.1 for x86-64
  • gdk-pixbuf >= 0.22.0-62.13
  • gdk-pixbuf-devel >= 0.22.0-62.13
SUSE LINUX 9.2
  • gdk-pixbuf >= 0.22.0-64.3
  • gdk-pixbuf-32bit >= 9.2-200511030547
  • gdk-pixbuf-devel >= 0.22.0-64.3
SUSE LINUX 9.3
  • gdk-pixbuf >= 0.22.0-67.3
  • gdk-pixbuf-32bit >= 9.3-7.1
  • gdk-pixbuf-devel >= 0.22.0-67.3