Vulnerability Description
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gdkpixbuf | All versions |
| Gtk | Gtk+ | 2.4.0 |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt
- http://secunia.com/advisories/17522
- http://secunia.com/advisories/17538
- http://secunia.com/advisories/17562
- http://secunia.com/advisories/17588
- http://secunia.com/advisories/17591
- http://secunia.com/advisories/17592
- http://secunia.com/advisories/17594
- http://secunia.com/advisories/17615
- http://secunia.com/advisories/17657
- http://secunia.com/advisories/17710
- http://secunia.com/advisories/17770
- http://secunia.com/advisories/17791
- http://secunia.com/advisories/18509
- http://securityreason.com/securityalert/188
FAQ
What is CVE-2005-3186?
CVE-2005-3186 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to ...
How severe is CVE-2005-3186?
CVE-2005-3186 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-3186?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdkpixbuf, Gtk Gtk+.