漏洞信息详情
GDK-Pixbuf多个安全漏洞
- CNNVD编号:CNNVD-200410-078
- 危害等级: 高危
- CVE编号: CVE-2004-0783
- 漏洞类型: 设计错误
- 发布时间: 2004-09-15
- 威胁类型: 远程
- 更新时间: 2010-04-02
- 厂 商: gtk
- 漏洞来源: Chris Evans※ chris...
漏洞简介
gdk-pixbuf是一个用于图像加载和像素缓冲处理的工具包。 gdk-pixbuf存在多个问题,远程攻击者可以利用这个漏洞进行拒绝服务或缓冲区溢出攻击。 第一个问题(CAN-2004-0753)是在尝试对BMP图象进行解码时,在部分条件下,库会进入无限循环,消耗大量CPU资源。 第二和第三个问题是当库对XPM图象进行解码时,特殊构建的图象文件可导致使用此库的应用程序崩溃或可能执行用户提供的代码。 第四个和最后一个漏洞是在尝试解析ICO图象时,特殊的ICO文件可导致应用程序崩溃。
漏洞公告
厂商补丁: Debian ------ Debian已经为此发布了安全公告(DSA-549-1、DSA-546-1)以及相应补丁:
DSA-549-1:New gtk+2.0 packages fix several vulnerabilities
链接: http://www.debian.org/security/2002/dsa-549
DSA-546-1:New gdk-pixbuf packages fix several vulnerabilities
链接: http://www.debian.org/security/2002/dsa-546
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody2.dsc
Size/MD5 checksum: 863 e1fb1114b9e8a2a41696f9ce87e63695
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody2.diff.gz
Size/MD5 checksum: 46831 2efce3a3481974044c1a6a1011954f18
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2.orig.tar.gz
Size/MD5 checksum: 7835836 dc80381b84458d944c5300a1672c099c
Architecture independent components:
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.0.2-5woody2_all.deb
Size/MD5 checksum: 1378706 d2d6f488c0a77c93ed5a8fd151741543
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 220806 d754d0cecc3f82d64be319c55dff5c8e
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 1102 d3ccf8d6e3b666f6dc71c35f20a6cb77
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 1585238 13f238596d197ad27933c3f3e27269f7
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 595896 57264f5be6eb488ea9607cd2f7058e08
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 5878498 0ffc094ffe8ef6fdd11b38484ea90477
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_alpha.deb
Size/MD5 checksum: 178322 14de2746abdb546a703aeec243e28a12
ARM architecture:
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 214610 c2a2b4874321a68a912afcac8efe4432
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 1106 d78aba4e1a787ac217dc055dc8e5d77a
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 1419902 92ed65acd376e565968d534df0e56b4f
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 595286 a8f465878ea70bb232fc4fc7d460462d
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 2904044 843cba67b1831b001b9186c11d7d5c72
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_arm.deb
Size/MD5 checksum: 177272 f02861b5aa96ea782f041db0ba00fe11
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 214932 abd81a3388a82c15364189b0321c931a
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 1102 6a63e94e140d45afd8d30f1a6aeaf4fa
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 1289428 a1f0196674f1556a9700a29912ed4b77
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 595384 485b9ec09c0ddfa5564b25c2fcec58f7
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 2722306 a59b27568500db9dcd8a2ffbf2866f2b
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_i386.deb
Size/MD5 checksum: 177140 245e88cb2addad57e7273b76fb145930
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_ia64.deb
Size/MD5 checksum: 230652 df3f392fc1d8f749134f03413e6b07b3
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_ia64.deb
Size/MD5 checksum: 1098 9f692a19e0d16699852bf7c16de2a05b
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_ia64.deb
Size/MD5 checksum: 2076782 8b4e1e4a232881916a2da1f39f3bff18
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_ia64.deb
Size/MD5 checksum: 596736 fbaedfd29974d78a92de77666be3ca6a
参考网址
来源:US-CERT Vulnerability Note: VU#369358 名称: VU#369358 链接:http://www.kb.cert.org/vuls/id/369358 来源: REDHAT 名称: RHSA-2004:466 链接:http://www.redhat.com/support/errata/RHSA-2004-466.HTML 来源: REDHAT 名称: RHSA-2004:447 链接:http://www.redhat.com/support/errata/RHSA-2004-447.HTML 来源: FEDORA 名称: FLSA:2005 链接:https://bugzilla.fedora.us/show_bug.cgi?id=2005 来源: XF 名称: gtk-xpm-xpmextractcolor-bo(17385) 链接:http://xforce.iss.net/xforce/xfdb/17385 来源: MANDRAKE 名称: MDKSA-2004:096 链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 来源: MANDRAKE 名称: MDKSA-2004:095 链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095 来源: scary.beasts.org 链接:http://scary.beasts.org/security/CESA-2004-005.txt 来源: OVAL 名称: oval:org.mitre.oval:def:9348 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9348 来源: BUGTRAQ 名称: 20040915 CESA-2004-005: gtk+ XPM decoder 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109528994916275&w=2 来源: BID 名称: 11195 链接:http://www.securityfocus.com/bid/11195 来源: FEDORA 名称: FLSA-2005:155510 链接:http://www.securityfocus.com/archive/1/archive/1/419771/100/0/threaded 来源: MANDRIVA 名称: MDKSA-2005:214 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 来源: SUNALERT 名称: 101776 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1 来源: SECUNIA 名称: 17657 链接:http://secunia.com/advisories/17657 来源: CONECTIVA 名称: CLA-2004:875 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 来源: US Government Resource: oval:org.mitre.oval:def:1786 名称: oval:org.mitre.oval:def:1786 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1786
受影响实体
- Gtk Gtk%2b:2.2.4
- Gtk Gtk%2b:2.2.1
- Gtk Gtk%2b:2.2.3
- Gtk Gtk%2b:2.0.6
- Gtk Gtk%2b:2.0.2
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论