ArchLinux: 201510-6: gdk-pixbuf2: multiple issues
Summary
- CVE-2015-7673 (denial of service)
It has been discovered that under certain circumstances, while scaling a
tga file, a heap memory allocation may fail. The failed allocation is
later used, which leads to a denial of service.
- CVE-2015-7673 (heap buffer overflow)
It has been discovered that under certain circumstances while scaling a
gif file a heap buffer overflow can occur. The cause of this issue was
that the integer data type was incompatible with the details of how
bitwise shifts were used.
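The class of defect described for the gif case, shown as an added illustration that is not gdk-pixbuf code or the upstream patch: a pixel coordinate shifted into fixed point overflows a 32-bit integer, and a range check or a wider type prevents the bad index. The 16.16 fixed-point format and all function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FIXED_SHIFT 16 /* assumed 16.16 fixed point, not taken from the advisory */

/* What a 32-bit computation of (pixel << FIXED_SHIFT) yields. The shift is done
 * on uint32_t because overflowing a signed left shift is undefined in C. */
int32_t to_fixed_wrapped32(int32_t pixel)
{
    uint32_t bits = (uint32_t)pixel << FIXED_SHIFT;
    return (int32_t)bits; /* wraps modulo 2^32 on common compilers */
}

/* Hardened 32-bit form: reject coordinates whose fixed-point value cannot fit. */
bool to_fixed_checked32(int32_t pixel, int32_t *out)
{
    if (pixel < 0 || pixel > (INT32_MAX >> FIXED_SHIFT))
        return false;
    *out = (int32_t)((uint32_t)pixel << FIXED_SHIFT);
    return true;
}

/* Alternative: widen before scaling so every 32-bit coordinate is representable. */
int64_t to_fixed64(int32_t pixel)
{
    return (int64_t)pixel * ((int64_t)1 << FIXED_SHIFT);
}

/* Recover a source index from a fixed-point position, refusing out-of-range values. */
bool source_index(int64_t fixed_pos, int32_t src_width, int32_t *index)
{
    if (fixed_pos < 0)
        return false;
    int64_t i = fixed_pos / ((int64_t)1 << FIXED_SHIFT);
    if (i >= src_width)
        return false;
    *index = (int32_t)i;
    return true;
}

int main(void)
{
    int32_t pixel = 40000, idx = 0; /* constructed sample coordinate */
    printf("32-bit result: %ld\n", (long)to_fixed_wrapped32(pixel));
    printf("64-bit result: %lld\n", (long long)to_fixed64(pixel));
    printf("wrapped value accepted as index: %d\n",
           source_index(to_fixed_wrapped32(pixel), 50000, &idx));
    return 0;
}
```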
Resolution
Upgrade to 2.32.1-1.
# pacman -Syu "gdk-pixbuf2>=2.32.1-1"
The problems have been fixed upstream in version 2.32.1.
References
https://access.redhat.com/security/cve/CVE-2015-7673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674
https://seclists.org/oss-sec/2015/q4/18
https://seclists.org/oss-sec/2015/q4/19
Workaround
None.