Bug 50204 (CVE-2004-0111) - VUL-0: CVE-2004-0111: evolution: remote denial-of-service
Summary: VUL-0: CVE-2004-0111: evolution: remote denial-of-service
Status: RESOLVED INVALID
Alias: CVE-2004-0111
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0111: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-01 19:18 UTC by Thomas Biege
Modified: 2021-10-04 08:30 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
bitmap file for testing. (1.bmp) (4.96 KB, image/x-bmp)
2004-03-01 19:20 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2004-03-01 19:18:46 UTC 
Hi, 
we got a report from RedHat that evolution can be crashed remotely. 
 
Can you fix this in STABLE please. 
 
---------- Forwarded message ---------- 
Date: Thu, 26 Feb 2004 13:25:54 +0000 (GMT) 
From: Mark J Cox <mjc@redhat.com> 
To: vendor-sec@lst.de 
Cc: otaylor@redhat.com 
Subject: [vendor-sec] Evolution Denial of Service 
 
Thomas Kristensen sent to security@redhat.com a report of a malicious BMP 
file that causes Evolution to crash.  I assigned this CAN-2004-0111 and 
got permission to forward.  On investigation it turns out that the flaws 
in gdk-pixbuf that caused this was around gdk-pixbuf 0.20. 
 
        2002-09-27  Federico Mena Quintero  <federico@ximian.com> 
 
        * gdk-pixbuf/io-bmp.c: Merged the BMP loader fixes from GTK+ 
          HEAD up to 2002-09-04 (prior to 0.20) 
 
Anyone shipping Evolution set to use the standalone gdk-pixbuf versions 
before 0.20 will be vulnerable to this issue.  We'll be upgrading to the 
latest version so we haven't done a backported patch. 
 
Although the fix is public, the implications are not; so I'm proposing we 
embargo any advisories which mention this issue until March 10th at 
1400UTC. 
 
Mark 
    [ Part 2, ""  Application/OCTET-STREAM (Name: "1.bmp")  6.9KB. ] 
    [ Cannot display this part. Press "V" then "S" to save in a file. ]
Comment 1 Thomas Biege 2004-03-01 19:18:46 UTC 
<!-- SBZ_reproduce  -->
bmp will be attached.
Comment 2 Thomas Biege 2004-03-01 19:20:35 UTC 
Created attachment 16283 [details]
bitmap file for testing. (1.bmp)

Please note that this bug is still not public.
Comment 3 Stanislav Brabec 2004-03-01 19:39:32 UTC 
In stable, I see no crash. We have gdk-pixbuf-0.22.0 and Evolution does not use
standalong gdk-pixbuf.

It probably affects only Evolution 1.2.

Should I check older versions of SuSE Linux?

Maybe following fix is appropriate:

Wed Jun 19 19:11:14 CEST 2002 - jordi@suse.de
                                                                               
                     
- updated to version 0.18.0
        * Fixed the RGB 565 MSB -> MSB case in gdk-pixbuf-drawable
        * Fixed alignment issues in the BMP loader
        * Merged pixops.c from GTK+ HEAD
Comment 4 Thomas Biege 2004-03-01 20:15:28 UTC 
Thank you. 
You do not need to check older versions, I think the work is not worth the 
gain.
Comment 5 Thomas Biege 2009-10-13 20:15:48 UTC 
CVE-2004-0111: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)