Bug 116918 - CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file
CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: gdk-pixbuf (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Owen Taylor
Brian Brock
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-02-26 08:41 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-03-10 11:14:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-02-26 08:41:37 EST
Thomas Kristensen discovered a bitmap file that would cause the
Evolution mail reader to crash.  This issue was caused by a flaw that
affects versions of the gdk-pixbuf package prior to 0.20.  To exmploit
this a remote attacker could send via email a carefully crafted BMP
file to a victim which would cause Evolution to crash.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0111 to this issue.

Note: In Red Hat Enterprise Linux 3, Evolution does not use the
standalone gdk-pixbuf package and is not subject to this issue,
however other applications that may use gdk-pixbuf are still affected.

Embargoed until March 10 2004
Will upgrade to gdk-pixbuf > 0.20
Comment 1 Mark J. Cox (Product Security) 2004-03-08 07:35:29 EST
Note that Evolution is not shipped for for Red Hat Linux 2.1,
therefore exploitation would require some other package that relies on
gdk-pixbuf to be run.  Errata in progress, due to low risk may be
delayed until after March 10th.
Comment 2 Mark J. Cox (Product Security) 2004-03-10 09:44:59 EST
removing embargo
Comment 3 Mark J. Cox (Product Security) 2004-03-10 11:14:28 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.