PT-2005-5561 · Gnome+4 · Gtk2+11

Ludwig Nussel · Published 1970-01-01 · Updated 2023-08-03 · CVE-2005-2976

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

gdk-pixbuf-gnome version 0.22.0
gtk2 versions prior to 2.8.7
gdk-pixbuf-devel version 0.22.0
libgtk-common (affected versions not specified)
libgtk2.0-dbg (affected versions not specified)
gtk2-devel (affected versions not specified)
gtk2-doc (affected versions not specified)
gtk+ versions prior to 2.8.6-r1

Description

The issue involves multiple vulnerabilities in packages shipped by several Linux distributions, including Red Hat Enterprise Linux, SUSE Linux Enterprise, Debian GNU/Linux, and Gentoo Linux. These vulnerabilities can be exploited remotely and lead to a denial of service or potentially to arbitrary code execution. Specifically, an integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 allows attackers to cause a crash or execute arbitrary code via an XPM file whose header declares large height, width, and color values: the product of those fields wraps, so the decoder allocates a buffer far smaller than the pixel data it then writes into it.

Recommendations

For gdk-pixbuf-gnome version 0.22.0, update to a version later than 0.22.0. For gtk2 versions prior to 2.8.7, update to version 2.8.7 or later. For gdk-pixbuf-devel version 0.22.0, update to a version later than 0.22.0. For libgtk-common, libgtk2.0-dbg, gtk2-devel, and gtk2-doc, update to the latest available version. For gtk+ versions prior to 2.8.6-r1, update to version 2.8.6-r1 or later. As a temporary workaround, consider restricting access to vulnerable components until a patch is available.
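To make the failure mode in the description concrete, the following is an added example written for this entry; it is not code from gdk-pixbuf's io-xpm.c, whose actual logic this page does not show. It parses an XPM "values" line into a hypothetical header (width, height, number of colours, characters per pixel), then computes the pixel-buffer size two ways: once with unchecked 32-bit arithmetic, which wraps to 0 for a constructed 65536x65536 header, and once with GCC/Clang's __builtin_mul_overflow plus a constructed pixel-count cap (XPM_MAX_PIXELS, an assumed policy limit) that rejects it. The RGBA 4-bytes-per-pixel layout is also an assumption for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header holding the four fields of an XPM "values" line
 * ("<width> <height> <ncolors> <chars_per_pixel>"). */
struct xpm_header {
    uint32_t width;
    uint32_t height;
    uint32_t n_colors;
    uint32_t chars_per_pixel;
};

/* Constructed policy limit: refuse images above 64 megapixels even when
 * the arithmetic itself would not overflow on this platform. */
#define XPM_MAX_PIXELS ((size_t)1 << 26)

/* Parse the values line with strtoull and explicit range checks, so a
 * field that does not fit in 32 bits is rejected rather than truncated.
 * Trailing fields (XPM hotspot coordinates) are ignored. */
bool xpm_parse_values(const char *line, struct xpm_header *h)
{
    unsigned long long v[4];
    const char *p = line;

    for (int i = 0; i < 4; i++) {
        char *end;
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '-' || *p == '+')      /* strtoull would accept a sign */
            return false;
        errno = 0;
        v[i] = strtoull(p, &end, 10);
        if (end == p || errno == ERANGE || v[i] > UINT32_MAX)
            return false;
        p = end;
    }
    h->width = (uint32_t)v[0];
    h->height = (uint32_t)v[1];
    h->n_colors = (uint32_t)v[2];
    h->chars_per_pixel = (uint32_t)v[3];
    return true;
}

/* Unchecked form: 32-bit unsigned multiplication wraps modulo 2^32, so a
 * 65536x65536 header yields a buffer size of 0 bytes while a decoder
 * would later write width*height pixels into it. */
uint32_t xpm_buffer_size_unchecked(const struct xpm_header *h)
{
    return h->width * h->height * 4u;   /* 4 bytes per RGBA pixel (assumed) */
}

/* Hardened form: validate each field, multiply with overflow detection
 * (GCC/Clang __builtin_mul_overflow) and apply the pixel-count cap.
 * Returns false and leaves *out untouched if the image is rejected. */
bool xpm_buffer_size_checked(const struct xpm_header *h, size_t *out)
{
    size_t pixels, bytes;

    if (h->width == 0 || h->height == 0 || h->n_colors == 0)
        return false;
    if (h->chars_per_pixel == 0 || h->chars_per_pixel > 2)
        return false;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &pixels))
        return false;
    if (pixels > XPM_MAX_PIXELS)
        return false;
    if (__builtin_mul_overflow(pixels, (size_t)4, &bytes))
        return false;
    *out = bytes;
    return true;
}

/* Wrappers that take a raw values line and return the computed size, or
 * -1 when the line is rejected, so the two paths can be compared directly. */
long long unchecked_size_for(const char *line)
{
    struct xpm_header h;
    if (!xpm_parse_values(line, &h))
        return -1;
    return (long long)xpm_buffer_size_unchecked(&h);
}

long long checked_size_for(const char *line)
{
    struct xpm_header h;
    size_t n;
    if (!xpm_parse_values(line, &h) || !xpm_buffer_size_checked(&h, &n))
        return -1;
    return (long long)n;
}

int main(void)
{
    /* Constructed inputs: a small image, the oversized header from the
     * description (large width and height), and a field beyond 32 bits. */
    const char *lines[] = { "64 64 2 1", "65536 65536 2 1", "4294967296 1 1 1" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s unchecked=%lld checked=%lld\n", lines[i],
               unchecked_size_for(lines[i]), checked_size_for(lines[i]));
    return 0;
}
```

The unchecked path returns 0 for the 65536x65536 header, which is exactly the undersized allocation the description refers to; the checked path rejects it before any allocation, and also rejects a header field that does not fit in 32 bits instead of letting strtoull truncate it.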

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-01416
BDU:2015-01418
BDU:2015-04235
BDU:2015-04236
BDU:2015-04237
BDU:2015-04238
BDU:2015-06097
BDU:2015-06098
BDU:2015-06099
BDU:2015-09481
CVE-2005-2976
DSA-911-1
DSA-913-1
RHSA-2005:810
RHSA-2005_810

Affected Products

Debian
Gentoo Linux
Red Hat
Suse Linux Enterprise
Gdk-Pixbuf
Gdk-Pixbuf-Devel
Gtk+
Gtk2
Gtk2-Devel
Gtk2-Doc
Libgtk-Common
Libgtk2.0-Dbg