Arch Linux: ASA-202310-8 Critical gdk-pixbuf Code Execution Vulnerability
Oct 13, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package gdk-pixbuf2 before version 2.36.0+2+ga7c869a-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201610-9 ======================================== Severity: Critical Date : 2016-10-13 CVE-ID : CVE-2016-6352 Package : gdk-pixbuf2 Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package gdk-pixbuf2 before version 2.36.0+2+ga7c869a-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 2.36.0+2+ga7c869a-1. # pacman -Syu "gdk-pixbuf2>=2.36.0+2+ga7c869a-1" The problem has been fixed upstream in version 2.35.3. Workaround ========= None. Description ========== An out-of-bounds write has been discovered in the OneLine32() function while parsing an ico file. A maliciously crafted file can cause the application to crash or possibly execute arbitrary code. Impact ===== A remote attacker is able to use a specially crafted ico file that, when loaded, is leading to arbitrary code execution. References ========= https://bugzilla.gnome.org/show_bug.cgi?id=769170 https://bugzilla.redhat.com/show_bug.cgi?id=1349751 https://access.redhat.com/security/cve/CVE-2016-6352
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!