• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: GTK2 GDKPixBufLoader Remote Denial of Service Vulnerability

Severity: MODERATE

Description:

The gtk2 package contains the GIMP ToolKit (GTK+), a graphics library for use with the X Window System.

Applications using the gtk2 library may be prone to a denial-of-service vulnerability because the 'GdkPixbuLoader()' function fails to properly handle malformed image data. An attacker can exploit this issue by enticing a victim user to open a malformed image file with an application using the library. This would cause the application to crash.

A successful exploit will cause denial-of-service conditions, preventing legitimate users from using certain applications.

Affected Products:

• Avaya Messaging Storage Server MM3.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 amd64
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• GTK GTK+ 2.10.3
• GTK GTK+ 2.4.13
• GTK GTK+ 2.8.6
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Corporate Server 4.0
• MandrakeSoft Corporate Server 4.0.0 x86_64
• MandrakeSoft Linux Mandrake 2007.0
• MandrakeSoft Linux Mandrake 2007.0 x86_64
• Pardus Linux 2007.1
• RedHat Desktop 4.0.0
• RedHat Enterprise Linux AS 4
• RedHat Enterprise Linux ES 4
• RedHat Enterprise Linux WS 4
• S.u.S.E. openSUSE 10.2
• Ubuntu Ubuntu Linux 5.10.0 amd64
• Ubuntu Ubuntu Linux 5.10.0 i386
• Ubuntu Ubuntu Linux 5.10.0 powerpc
• Ubuntu Ubuntu Linux 5.10.0 sparc
• Ubuntu Ubuntu Linux 6.06 LTS amd64
• Ubuntu Ubuntu Linux 6.06 LTS i386
• Ubuntu Ubuntu Linux 6.06 LTS powerpc
• Ubuntu Ubuntu Linux 6.06 LTS sparc
• Ubuntu Ubuntu Linux 6.10 amd64
• Ubuntu Ubuntu Linux 6.10 i386
• Ubuntu Ubuntu Linux 6.10 powerpc
• Ubuntu Ubuntu Linux 6.10 sparc
• rPath rPath Linux 1

References:

• Avaya: ASA-2007-053 - gtk2 security update (RHSA-2007-0019)
• CVE: CVE-2007-0010
• Redhat: Bugzilla Bug 218932: CVE-2007-0010 GdbPixbufLoader fails to handle invalid input
• Rehat: gtk2 security update

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.