Integer Overflow in XPM Image Decoder for GTK and GDK-Pixbuf
CVE-2004-0782

Currently unrated

Key Information:

Vendor: Gnome
Status: Gdkpixbuf; Gtk
Vendor: CVE Published:; 20 October 2004

Summary

An integer overflow vulnerability exists in the XPM image decoder of GTK+ (version 2.4.4 and earlier) and GDK-Pixbuf (before version 0.22). This flaw allows remote attackers to exploit certain values for 'n_col' and 'cpp', triggering a heap-based buffer overflow. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. It is crucial for users of these products to apply security updates promptly to mitigate potential risks.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.fedora.us/show_bug.cgi?id=2005

vendor-advisoryx_refsource_FEDORA

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2004
Vulnerability Reserved
Aug 17, 2004