Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Software | From | Fixed in |
---|---|---|
gnome / gdkpixbuf | 0.17 | 0.17.x |
gnome / gdkpixbuf | 0.18 | 0.18.x |
gnome / gdkpixbuf | 0.20 | 0.20.x |
gnome / gdkpixbuf | 0.22 | 0.22.x |
gnome / gtk | 2.0.2 | 2.0.2.x |
gnome / gtk | 2.0.6 | 2.0.6.x |
gnome / gtk | 2.2.1 | 2.2.1.x |
gnome / gtk | 2.2.3 | 2.2.3.x |
gnome / gtk | 2.2.4 | 2.2.4.x |