Debian: DLA-2043-1 Moderate: gdk-pixbuf Denial Of Service Issues
debian lts
December 19, 2019
Several issues in gdk-pixbuf, a library to handle pixbuf, have been found
Summary
CVE-2017-2870
Fix for an exploitable integer overflow vulnerability in the
tiff_image_parse functionality. When software is compiled with
clang, A specially crafted tiff file can cause a heap-overflow
resulting in remote code execution. Debian package is compiled
with gcc and is not affected, but probably some downstream is.
CVE-2017-6312
Fix for an integer overflow in io-ico.c that allows attackers to cause a denial of service (segmentation fault and application
crash) via a crafted image
CVE-2017-6313
Fix for an integer underflow in the load_resources function in
io-icns.c that allows attackers to cause a denial of service
(out-of-bounds read and program crash) via a crafted image entry
size in an ICO file
CVE-2017-6314
Fix for an infinite loop in the make_available_at_least function
in io-tiff.c that allows attackers to cause a denial of service
via a large TIFF file.
PREVIOUS
NEXT
Package: gdk-pixbuf
Version: 2.31.1-2+deb8u8
CVE ID: CVE-2016-6352 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!