Experts warn of yet another Linux hole

Another highly critical image-based security hole has been found, sparking a flurry of patches from Linux suppliers.

Another highly critical image-based security hole has been found, sparking a flurry of patches from Linux suppliers.

Exploitation in GdkPixBuf can be used to caused a denial of service or provide remote system access.

One is a variant of the previous discovered Qt hole in bitmap images that can make an application run in an infinite loop.

A second occurs in the "pixbuf_create_from_xpm()" function when decoding XPM images. A specially crafted image can cause a buffer overflow.

A third is a boundary error in the "xpm_extract_color()" function, again when decoding XPM images. This can also cause a buffer overlow.

And lastly, an input validation error in ICO image decoding can cause an integer overflow, causing a crash.

Secunia said in its advisory that there is no official updated version of GdkPixBuf.

So far, Red Hat, Debian, Fedora and MandrakeSoft have all put out updates and patches.

Kieren McCarthy writes for Techworld.com

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close