
Secunia Security Advisory 17522

Secunia Security Advisory – Some vulnerabilities have been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user’s system.

1) An integer overflow error in /gtk+/gdk-pixbuf/io-xpm.c when processing XPM files can be exploited to cause a heap-based buffer overflow. This may be exploited to execute arbitrary code when a specially crafted XPM file is opened in an application that is linked with the library. This may be related to vulnerability #2 in: SA12542

2) An error in /gtk+/gdk-pixbuf/io-xpm.c can cause an infinite loop when processing an XPM file with a large number of colours. This can be exploited to cause an application linked with the library to stop responding when a malicious XPM file is opened.

3) An integer overflow error exists in /gtk+/gdk-pixbuf/io-xpm.c when performing calculations using the height, width and colours of an XPM file. This may be exploited to execute arbitrary code or to crash an application that is linked with the library when a malicious XPM file is opened.

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/41576/sa17522.txt

Source: https://packetstormsecurity.com/files/41576/Secunia-Security-Advisory-17522.html
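
Added example, not part of the advisory and not the GTK+ code or its fix: one way an image loader can size its buffers from XPM header values (width, height, number of colours, characters per pixel) without the arithmetic wrapping. The function names, the limits and the entry_size parameter are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bounds chosen for this example, not GTK+ values. */
#define MAX_DIM    32767
#define MAX_COLORS 65536
#define MAX_CPP    31

/* Store a*b in *out; return 0 if the product would wrap size_t. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Validate header values and compute the RGBA pixel-buffer size and the
 * colour-table size (entries plus NUL-terminated cpp-character names).
 * Returns 1 on success, 0 if a value is out of range or would overflow. */
int xpm_sizes(long w, long h, long ncolors, long cpp, size_t entry_size,
              size_t *pixel_bytes, size_t *table_bytes)
{
    size_t row, names;
    if (w <= 0 || h <= 0 || ncolors <= 0 || cpp <= 0)
        return 0;                        /* reject zero and negative */
    if (w > MAX_DIM || h > MAX_DIM || ncolors > MAX_COLORS || cpp > MAX_CPP)
        return 0;                        /* reject before any arithmetic */
    if (!mul_checked((size_t)w, 4, &row) ||
        !mul_checked(row, (size_t)h, pixel_bytes))
        return 0;
    if (!mul_checked((size_t)ncolors, entry_size, table_bytes) ||
        !mul_checked((size_t)ncolors, (size_t)cpp + 1, &names))
        return 0;
    if (names > SIZE_MAX - *table_bytes) /* checked addition */
        return 0;
    *table_bytes += names;
    return 1;
}

int main(void)
{
    size_t p = 0, t = 0;
    printf("16x16, 4 colours: %d\n", xpm_sizes(16, 16, 4, 1, 8, &p, &t));
    printf("65536x65536:      %d\n", xpm_sizes(65536, 65536, 4, 1, 8, &p, &t));
    return 0;
}
```

The range checks run before any multiplication, and the checked multiplications remain as a second line of defence if the limits are later raised.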
