7.5

CVE-2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGdkpixbuf Version0.17
GnomeGdkpixbuf Version0.18
GnomeGdkpixbuf Version0.20
GnomeGdkpixbuf Version0.22
GnomeGtk Version2.0.2
GnomeGtk Version2.0.6
GnomeGtk Version2.2.1
GnomeGtk Version2.2.3
GnomeGtk Version2.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.43% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://bugzilla.fedora.us/show_bug.cgi?id=2005
Issue Tracking
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
Third Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875
Third Party Advisory
http://secunia.com/advisories/17657
Broken Link
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-447.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-466.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/419771/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/11195
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=109528994916275&w=2
Third Party Advisory
http://scary.beasts.org/security/CESA-2004-005.txt
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1
Third Party Advisory
http://www.kb.cert.org/vuls/id/369358
Third Party Advisory
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17385
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1786
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9348
Broken Link