{"vuid":"VU#577654","idnumber":"577654","name":"GdkPixbuf ICO parser contains an integer overflow vulnerability","keywords":["gdk-pixbuf","GdkPixbuf","ico loader","integer overflow"],"overview":"An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition.","clean_desc":"GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used by the Gnome desktop and other applications. GdkPixbuf contains an integer overflow vulnerability in the DecodeHeader() function of the ICO loading routine.","impact":"By convincing the user to open a specially crafted ICO file, an attacker could cause a denial of service by crashing the application that uses GdkPixbuf.","resolution":"Apply a patch from your vendor\nFor vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.\nUpgrade your version of gtk+\nUpgrade your system as specified by your vendor.\nIf you need to compile the software from the original source, get gtk+ 2.4.10.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Evans for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://secunia.com/advisories/12542/","http://www.securitytracker.com/alerts/2004/Sep/1011285.html","http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:095","https://rhn.redhat.com/errata/RHSA-2004-447.html"],"cveids":["CVE-2004-0788"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-15T17:33:20Z","publicdate":"2004-09-15T00:00:00Z","datefirstpublished":"2004-10-01T14:57:29Z","dateupdated":"2004-11-01T19:14:43Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"7","cam_attackeraccessrequired":"15","cam_scorecurrent":"1.771875","cam_scorecurrentwidelyknown":"2.21484375","cam_scorecurrentwidelyknownexploited":"3.98671875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.771875,"vulnote":null}