Code Flaws Open Linux Apps to Attack

"Vulnerabilities in code libraries that could potentially affect open-source programs using the GUI toolkit GTK+ were reported on the security Web site Secunia on Thursday. As initially discovered by Chris Evans, these problems could theoretically be exploited to spark a DDoS (distributed denial of service) attack and otherwise compromise a computer system.

One vulnerability, which affects BMP image processing in applications, could be taken advantage of to create an infinite loop in the application. This could affect open-source image editors, for example.

Two others rely on handling errors while decoding images in the XPixMap (XPM) format developed in 1989. These vulnerabilities could be exploited by the use of an XPM image to create either an integer or buffer overflow, either of which could allow the execution of malicious code."

WinBeta.org - Code Flaws Open Linux Apps to Attack