Arch Linux Security Advisory ASA-201510-6
=========================================
Severity: Medium
Date    : 2015-10-10
CVE-ID  : CVE-2015-7673 CVE-2015-7674
Package : gdk-pixbuf2
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package gdk-pixbuf2 before version 2.32.1-1 is vulnerable to denial
of service and heap buffer overflow.

Resolution
==========
Upgrade to 2.32.1-1.

# pacman -Syu "gdk-pixbuf2>=2.32.1-1"

The problems have been fixed upstream in version 2.32.1.
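As an added example (not part of the Arch advisory), the following script decides whether an installed gdk-pixbuf2 version is still affected by this advisory, i.e. older than the fixed version 2.32.1-1. It assumes plain numeric Arch versions of the form pkgver-pkgrel (no epoch, no alphabetic suffixes) and only queries pacman when run with --check on an Arch host.

```shell
#!/bin/sh
# Added example, not code from the Arch advisory or from gdk-pixbuf.
# Fixed version taken from ASA-201510-6.
FIXED_VERSION="2.32.1-1"

# vercmp_numeric A B: prints -1, 0 or 1 as A is older than, equal to or
# newer than B. pkgver and pkgrel are split on '.' and '-' and compared as
# integers field by field; a missing field counts as 0.
# Assumption: every field is a decimal integer (true for 2.32.1-1 style versions).
vercmp_numeric() {
    a="$(printf '%s\n' "$1" | sed 's/[.-]/ /g') "
    b="$(printf '%s\n' "$2" | sed 's/[.-]/ /g') "
    i=1
    while :; do
        fa=$(printf '%s\n' "$a" | cut -d' ' -f"$i")
        fb=$(printf '%s\n' "$b" | cut -d' ' -f"$i")
        # both versions exhausted without a difference: equal
        if [ -z "$fa" ] && [ -z "$fb" ]; then printf '%s\n' 0; return; fi
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# gdk_pixbuf2_is_vulnerable VERSION: exit status 0 (true) when VERSION is
# older than the fixed release, 1 otherwise.
gdk_pixbuf2_is_vulnerable() {
    [ "$(vercmp_numeric "$1" "$FIXED_VERSION")" -eq -1 ]
}

# check_installed: reads the installed version from pacman and prints a
# verdict. Returns 0 if affected, 1 if fixed, 2 if it cannot tell.
check_installed() {
    command -v pacman >/dev/null 2>&1 || { echo "pacman not found; not an Arch host"; return 2; }
    installed=$(pacman -Q gdk-pixbuf2 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "gdk-pixbuf2 is not installed"; return 2; }
    if gdk_pixbuf2_is_vulnerable "$installed"; then
        echo "gdk-pixbuf2 $installed is affected by ASA-201510-6; upgrade to >= $FIXED_VERSION"
        return 0
    fi
    echo "gdk-pixbuf2 $installed is not affected (fixed in $FIXED_VERSION)"
    return 1
}

if [ "${1:-}" = "--check" ]; then check_installed; fi
```

Run it as `sh check-gdk-pixbuf2.sh --check` on the host; the exit status can feed a fleet-wide inventory job.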

Workaround
==========
None.

Description
===========
- CVE-2015-7673 (denial of service)

It has been discovered that under certain circumstances while scaling a
tga file a heap memory allocation may fail which is later used and leads
to a denial of service.

- CVE-2015-7674 (heap buffer overflow)

It has been discovered that under certain circumstances while scaling a
gif file a heap buffer overflow can occur. The cause of this issue was
that the integer data type was incompatible with the details of how
bitwise shifts were used.

Impact
======
A remote attacker is able to use specially crafted tga or gif files to
perform a denial of service attack or take advantage of a heap buffer
overflow to possibly have other impact.

References
==========
https://access.redhat.com/security/cve/CVE-2015-7673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674
https://seclists.org/oss-sec/2015/q4/18
https://seclists.org/oss-sec/2015/q4/19