PT-2005-5562 · Gtk++1

Infamous41Md · Published 1970-01-01 · Updated 2023-08-03 · CVE-2005-3186

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GTK+ version 2.4.0; GTK+ versions prior to 2.8.6-r1

Description: An integer overflow in the GTK+ gdk-pixbuf XPM image rendering library can lead to a heap-based buffer overflow, allowing attackers to execute arbitrary code via an XPM file whose declared number of colors causes too little memory to be allocated. Multiple vulnerabilities in various packages, including gdk-pixbuf-gnome, gtk2, gdk-pixbuf-devel, libgtk-common, libgtk2.0-dbg, gtk2-devel, and gtk2-doc, can be exploited remotely, disrupting the availability of protected information.

Recommendations: For GTK+ version 2.4.0, update to a version later than 2.4.0 to resolve the issue. For GTK+ versions prior to 2.8.6-r1, update to version 2.8.6-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to XPM files to minimize the risk of exploitation.
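The allocation-size overflow the description refers to, as an added illustration that is not code from GTK+ or gdk-pixbuf: the colour-table record size, the cap on characters per pixel and the hostile colour count are all assumed values, the 32-bit arithmetic stands in for a pre-fix size computation, and the checked variant shows the validation an image loader should apply before the header-derived size reaches the allocator.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed values: not gdk-pixbuf's real colour-table layout. */
#define COLOR_RECORD_SIZE 8u  /* assumed bytes per colour-table entry */
#define MAX_CPP 8u            /* assumed cap on characters per pixel */

/* Unchecked size computation in 32-bit arithmetic: a huge colour count from
 * the XPM header wraps the product, so the allocation is far too small and
 * the colour entries parsed afterwards overrun the heap buffer. */
uint32_t xpm_table_bytes_unchecked(uint32_t n_col, uint32_t cpp)
{
    return n_col * (COLOR_RECORD_SIZE + cpp + 1);  /* may wrap */
}

/* Hardened: bound the header fields first, then compute the product in
 * 64-bit and refuse anything that does not fit the allocator's size type. */
bool xpm_table_bytes_checked(uint32_t n_col, uint32_t cpp, uint32_t *out)
{
    if (n_col == 0 || cpp == 0 || cpp > MAX_CPP)
        return false;
    uint64_t total = (uint64_t)n_col * (COLOR_RECORD_SIZE + cpp + 1);
    if (total > UINT32_MAX)
        return false;
    *out = (uint32_t)total;
    return true;
}

/* Allocate the colour table only after the size computation is validated. */
void *xpm_alloc_table(uint32_t n_col, uint32_t cpp)
{
    uint32_t bytes;
    if (!xpm_table_bytes_checked(n_col, cpp, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed hostile header: 429496730 colours, 1 char per pixel. */
    uint32_t n_col = 429496730u, bytes;
    printf("unchecked size: %u bytes\n", xpm_table_bytes_unchecked(n_col, 1));
    printf("checked: %s\n",
           xpm_table_bytes_checked(n_col, 1, &bytes) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed header the unchecked product wraps to 4 bytes while the checked path rejects it; a legitimate 16-colour, 2-character-per-pixel header is accepted at 176 bytes.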

Related Identifiers

BDU:2015-01416
BDU:2015-01418
BDU:2015-04235
BDU:2015-04236
BDU:2015-04237
BDU:2015-04238
BDU:2015-06097
BDU:2015-06098
BDU:2015-06099
BDU:2015-09481
CVE-2005-3186
DSA-911-1
DSA-913-1
RHSA-2005:810
RHSA-2005:811
RHSA-2005_810
RHSA-2005_811

Affected Products

Gtk+
Red Hat