USN-108-1: GDK vulnerability

6 April 2005

gtk+2.0, gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free()‘ed twice, leading to a crash of the application. However, it is believed that this cannot be exploited to execute arbitrary attacker provided code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libgdk-pixbuf2
libgtk2.0-0

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References