[CCID News] A high-risk vulnerability in image handling on Linux has prompted Linux vendors to start patching, even though no official patch exists.
The vulnerability is in GdkPixbuf and can lead to a denial-of-service attack or allow remote system access.
There are several vulnerabilities. The first is a variant of a previously discovered Qt vulnerability; it lies in bitmap image handling and can send the decoder into an infinite loop. The second is in the "pixbuf_create_from_xpm()" function and occurs when decoding XPM images. The third is a boundary error in the "xpm_extract_color()" function, which occurs when decoding XPM images and can also result in a buffer overflow. The last is an input validation error in ICO image decoding, which can result in an integer overflow.
According to Secunia's advisory, there is currently no official upgraded version of GdkPixbuf. However, vendors such as Red Hat, Debian, Fedora and Mandrakesoft have released their own patches and upgraded versions.
From:
Sidi Net