Bug 74688 - (CVE-2005-0891) VUL-0: CVE-2005-0891: gdk-pixbuf double free
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: All
Priority: P5 - None
Severity: Normal
Assigned To: E-mail List
QA Contact: Security Team bot
Reported: 2005-03-29 08:21 UTC by Ludwig Nussel
Modified: 2021-10-27 16:01 UTC (History)
Description Ludwig Nussel 2005-03-29 08:21:58 UTC
We received the following report via vendor-sec.
The issue is public.

If it's not exploitable we probably don't need to fix it right now.

Date: Mon, 28 Mar 2005 09:51:44 -0500
From: Josh Bressers <bressers@redhat.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] [mclasen@redhat.com: gdk-pixbuf bmp crashes]

This issue was brought to our attention by our gtk maintainer.

It's a double free issue when dealing with BMP issues, but the codepath
seems to be free once, start cleaning up, free again.  This leads me to
believe it's just going to be a DoS rather than allow arbitrary code
execution.

-- 
    JB


----- Forwarded message from Matthias Clasen <mclasen@redhat.com> -----

Subject: gdk-pixbuf bmp crashes
From: Matthias Clasen <mclasen@redhat.com>
Date: Mon, 28 Mar 2005 09:05:27 -0500

The gdk-pixbuf bmp loader can be tricked into a double free, see
http://bugzilla.gnome.org/show_bug.cgi?id=171707
Demo image here: 
http://bugzilla.gnome.org/attachment.cgi?id=39270&action=view

This probably affects all versions of gtk we ship. I haven't checked
if it also affects the standalone gdk-pixbuf package.

The bug http://bugzilla.gnome.org/show_bug.cgi?id=150664
has a collection of valid and invalid bmp test images in an attachment
(http://bugzilla.gnome.org/attachment.cgi?id=39312&action=view)
which we might want to give to QA for checking our other image
loaders...

Matthias


----- End forwarded message -----
Comment 1 Thomas Biege 2005-03-29 12:45:26 UTC
It looks like the impact is limited to a denial-of-service condition and not 
being a code execution scenario. I did not find a hint that an attacker is 
able to overwrite the internal structures used by glibc for handling dyn. 
allocated memory chunks. The glibc implementation of SL 9.2 even catches 
double free bugs (unfortunately not safely). 
 
 
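The "free once, start cleaning up, free again" shape from the forwarded report, next to the fixed shape, as an added example that is not gdk-pixbuf code and not part of any comment above. The `BmpContext` struct and the loader functions are stand-ins invented for illustration; `checked_free` stands in for the allocator's own double-free detection mentioned in Comment 1, counting a repeated free instead of passing it to `free()` so the demo does not abort.

```c
#include <stdlib.h>

/* Stand-in for the BMP loader's per-image state (not gdk-pixbuf's struct). */
typedef struct { unsigned char *buf; } BmpContext;

/* Stand-in for the allocator's double-free check: remembers pointers freed
 * during one load and counts a repeat instead of passing it to free(), where
 * a glibc that detects double frees would abort the process (the DoS). */
static void *freed[16];
static int n_freed, double_frees;

static void checked_free(void *p) {
    if (p == NULL) return;
    for (int i = 0; i < n_freed; i++)
        if (freed[i] == p) { double_frees++; return; }
    if (n_freed < 16) freed[n_freed++] = p;
    free(p);
}

static void context_free(BmpContext *ctx) {
    checked_free(ctx->buf);   /* generic cleanup releases the buffer */
    checked_free(ctx);
}

/* Vulnerable shape: the error path frees the buffer, then runs the generic
 * cleanup, which frees the same buffer a second time. */
static int load_vulnerable(int header_ok) {
    BmpContext *ctx = calloc(1, sizeof *ctx);
    ctx->buf = malloc(64);
    if (!header_ok) {
        checked_free(ctx->buf);   /* free once ... */
        context_free(ctx);        /* ... start cleaning up, free again */
        return -1;
    }
    context_free(ctx);
    return 0;
}

/* Fixed shape: the error path clears the pointer it freed, so the cleanup's
 * release of ctx->buf is a harmless no-op on NULL. */
static int load_fixed(int header_ok) {
    BmpContext *ctx = calloc(1, sizeof *ctx);
    ctx->buf = malloc(64);
    if (!header_ok) {
        checked_free(ctx->buf);
        ctx->buf = NULL;          /* ownership released exactly once */
        context_free(ctx);
        return -1;
    }
    context_free(ctx);
    return 0;
}

/* Feeds a bad header to one loader and returns how many double frees the
 * check caught; the table is reset per run so reused addresses do not count. */
static int double_frees_in(int (*load)(int)) {
    n_freed = 0; double_frees = 0;
    load(0);
    return double_frees;
}
```

`double_frees_in(load_vulnerable)` reports one caught double free and `double_frees_in(load_fixed)` reports none; with a real `free()` in place of `checked_free`, the first case is where a detecting glibc aborts the viewer.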
Comment 2 Ludwig Nussel 2005-03-29 13:15:22 UTC
so rather low prio. CAN-2005-0891 
Comment 3 Ludwig Nussel 2005-03-31 09:05:33 UTC
also affects gtk2 
Comment 4 Ludwig Nussel 2005-04-08 13:15:32 UTC
would you please fix this bug in stable so we can close it? 
Comment 5 Stanislav Brabec 2005-04-08 13:41:27 UTC
http://bugzilla.gnome.org/show_bug.cgi?id=171707#c5 backported to gdk-pixbuf.

gtk2 not fixed. It will be updated for sure during 10.0 release cycle to the
latest version.
Comment 6 Thomas Biege 2009-10-13 21:14:23 UTC
CVE-2005-0891: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)