Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-7674

Опубликовано: 26 окт. 2015
Источник: debian

Описание

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gdk-pixbuffixed2.32.1-1package
gtk+2.0fixed2.21.5-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2015/10/01/4

  • Fix for CVE-2015-7674: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa (2.32.1)

  • Additional hardening against further overflows (but not part of the CVE assignment): https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)

  • The CVE is only assigned for the overflow in the pixops_scale_nearest function.

  • gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf

Связанные уязвимости

ubuntu логотип

CVE-2015-7674

ubuntu
больше 10 лет назад

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

redhat логотип

CVE-2015-7674

redhat
больше 10 лет назад

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

nvd логотип

CVE-2015-7674

nvd
больше 10 лет назад

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

github логотип

GHSA-m3cf-cwfr-2w97

github
больше 3 лет назад

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

suse-cvrf логотип

SUSE-SU-2015:1787-1

suse-cvrf
больше 10 лет назад

Security update for gtk2