FKIE_CVE-2004-0782

Vulnerability from fkie_nvd - Published: 2004-10-20 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109528994916275&w=2Third Party Advisory
cve@mitre.orghttp://scary.beasts.org/security/CESA-2004-005.txtThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/17657Broken Link
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2004/dsa-546Third Party Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/729894Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2005:214Broken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-447.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-466.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/419771/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/11195Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.fedora.us/show_bug.cgi?id=2005Issue Tracking
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17386Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539Broken Link
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617Broken Link
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109528994916275&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://scary.beasts.org/security/CESA-2004-005.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17657Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-546Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/729894Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2005:214Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-447.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-466.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/419771/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11195Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.fedora.us/show_bug.cgi?id=2005Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17386Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539Broken Link
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617Broken Link
Impacted products
Vendor Product Version
gnome gdkpixbuf 0.17
gnome gdkpixbuf 0.18
gnome gdkpixbuf 0.20
gnome gdkpixbuf 0.22
gnome gtk 2.0.2
gnome gtk 2.0.6
gnome gtk 2.2.1
gnome gtk 2.2.3
gnome gtk 2.2.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdkpixbuf:0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA48440-1F4A-4F3D-AA56-2F7A4B10FB49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdkpixbuf:0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A45519F-F073-4722-B40D-C29C0862ED2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdkpixbuf:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "202DC858-A31A-4790-80CA-16F033E1B7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdkpixbuf:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A033173F-C1F9-48D3-8506-CF4A901FFE14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gtk:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E511D1A-953C-4B5E-97A8-14F877F147C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gtk:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "198F75F0-AB90-4C20-B444-812C94D0525A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gtk:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C02EA95-4879-4A9C-8F25-979D30E712A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gtk:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49EFF6F8-030B-402C-9787-73B3C0EA94D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gtk:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDE421C-A500-4FE0-BCD6-2F01A653296B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687)."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en pixbuf_create_from_xpm (io-xpm.c) en el decodificador de im\u00e1genes XPM de gtk+ 2.4.4 (gtk2) y anteriores, y gdk-pixbuf anteriores a 0.22 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante ciertos valores n_col y cpp que permiten un desbordamiento de b\u00fafer basado en el mont\u00f3n."
    }
  ],
  "id": "CVE-2004-0782",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000875"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=109528994916275\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://scary.beasts.org/security/CESA-2004-005.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-546"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/729894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-447.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-466.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/11195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2005"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17386"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=109528994916275\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://scary.beasts.org/security/CESA-2004-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/17657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/729894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-466.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/11195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1617"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.