ID CVE-2004-0111
Summary gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gdkpixbuf:0.18
  • cpe:2.3:a:gnome:gdkpixbuf:0.20
  • cpe:2.3:a:redhat:gdk_pixbuf:0.18.0-7:-:i386
  • cpe:2.3:a:redhat:gdk_pixbuf:0.18.0-7:-:i386_dev
  • cpe:2.3:a:redhat:gdk_pixbuf:0.18.0-7:-:i386_gnome
  • SGI ProPack 2.3
    cpe:2.3:a:sgi:propack:2.3
  • SGI ProPack 2.4
    cpe:2.3:a:sgi:propack:2.4
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_servers
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-464.NASL
    description Thomas Kristensen discovered a vulnerability in gdk-pixbuf (binary package libgdk-pixbuf2), the GdkPixBuf image library for Gtk, that can cause the surrounding application to crash. To exploit this problem, a remote attacker could send a carefully-crafted BMP file via mail, which would cause e.g. Evolution to crash but is probably not limited to Evolution.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15301
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15301
    title Debian DSA-464-1 : gdk-pixbuf - broken image handling
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-103.NASL
    description Updated gdk-pixbuf packages that fix a crash are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Thomas Kristensen discovered a bitmap file that would cause versions of gdk-pixbuf prior to 0.20 to crash. To exploit this flaw, an attacker would need to get a victim to open a carefully-crafted BMP file in an application that used gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0111 to this issue. Users are advised to upgrade to these updated packages containing gdk-pixbuf version 0.22, which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12476
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12476
    title RHEL 2.1 / 3 : gdk-pixbuf (RHSA-2004:103)
oval via4
  • accepted 2007-04-25T19:52:59.778-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
    family unix
    id oval:org.mitre.oval:def:845
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Enterprise 3 gdk-pixbuf Denial of Service
    version 34
  • accepted 2007-04-25T19:52:59.959-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
    family unix
    id oval:org.mitre.oval:def:846
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat gdk-pixbuf Denial of Service
    version 34
redhat via4
advisories
  • rhsa
    id RHSA-2004:102
  • rhsa
    id RHSA-2004:103
refmap via4
bid 9842
debian DSA-464
fedora FLSA:2005
mandrake MDKSA-2004:020
xf gdk-pixbuf-bitmap-dos(15426)
Last major update 10-09-2008 - 15:25
Published 15-04-2004 - 00:00
Last modified 09-10-2017 - 21:30