2017-07-20
ALT-BU-2017-3246-1
Branch sisyphus update bulletin.
Package libgdk-pixbuf updated to version 2.36.7-alt1 for branch sisyphus in task 185588.
Closed vulnerabilities
Published: 2017-09-05
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-2862
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.debian.org/security/2017/dsa-3978
- http://www.securityfocus.com/bid/100541
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
- http://www.debian.org/security/2017/dsa-3978
- http://www.securityfocus.com/bid/100541
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
Published: 2017-09-05
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.securityfocus.com/bid/100541
- https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
- http://www.securityfocus.com/bid/100541
- https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377