Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201510-6 ======================================== Severity: Medium Date : 2015-10-10 CVE-ID : CVE-2015-7673 CVE-2015-7674 Package : gdk-pixbuf2 Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package gdk-pixbuf2 before version 2.32.1-1 is vulnerable to denial of service and heap buffer overflow. Resolution ========= Upgrade to 2.32.1-1. # pacman -Syu "gdk-pixbuf2>=2.32.1-1" The problems have been fixed upstream in version 2.32.1. Workaround ========= None. Description ========== - CVE-2015-7673 (denial of service) It has been discovered that under certain circumstances while scaling a tga file a heap memory allocation may fail which is later used and leads to a denial of service. - CVE-2015-7673 (heap buffer overflow) It has been discovered that under certain circumstances while scaling a gif file a heap buffer overflow can occur. The cause of this issue was that the integer data type was incompatible with the details of how bitwise shifts were used. Impact ===== A remote attacker is able to use specially crafted tga or gif files to perform a denial of service attack or take advantage of a heap buffer overflow to possibly have other impact. References ========= https://access.redhat.com/security/cve/CVE-2015-7673 https://www.cve.org/CVERecord?id=CVE-2015-7674 https://seclists.org/oss-sec/2015/q4/18 https://seclists.org/oss-sec/2015/q4/19