2017-07-20
ALT-BU-2017-3246-1
Branch sisyphus update bulletin.
Package libgdk-pixbuf updated to version 2.36.7-alt1 for branch sisyphus in task 185588.
Closed vulnerabilities
Published: 2017-09-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-2862
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-09-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- 100541
- 100541
- [debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update
- [debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377