7.5

CVE-2005-2976

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGdkpixbuf Version0.22
GnomeGtk Version < 2.8.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.43% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://secunia.com/advisories/17657
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
Third Party Advisory
Broken Link
http://secunia.com/advisories/17522
Vendor Advisory
http://secunia.com/advisories/17538
Vendor Advisory
http://secunia.com/advisories/17562
Vendor Advisory
http://secunia.com/advisories/17592
Vendor Advisory
http://secunia.com/advisories/17594
Vendor Advisory
http://secunia.com/advisories/17615
Vendor Advisory
http://secunia.com/advisories/17710
Vendor Advisory
http://secunia.com/advisories/17770
Vendor Advisory
http://secunia.com/advisories/17791
Vendor Advisory
http://securitytracker.com/id?1015216
Third Party Advisory
VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
Third Party Advisory
http://www.debian.org/security/2005/dsa-911
Third Party Advisory
http://www.debian.org/security/2005/dsa-913
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml
Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_65_gtk2.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-810.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/428052/100/0/threaded
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-216-1
Third Party Advisory
http://www.vupen.com/english/advisories/2005/2433
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/15428
Third Party Advisory
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11370
Broken Link