CVE-2017-6314

Опубликовано: 10 мар. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

Ссылки

http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/21/4
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/26/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96779
Third Party Advisory
VDB Entry
https://bugzilla.gnome.org/show_bug.cgi?id=779020
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/
https://security.gentoo.org/glsa/201709-08
Third Party Advisory
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/21/4
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/26/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96779
Third Party Advisory
VDB Entry
https://bugzilla.gnome.org/show_bug.cgi?id=779020
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/
https://security.gentoo.org/glsa/201709-08
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*

Версия до 2.36.12 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00421

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2017-6314

CVSS3: 5.5

ubuntu

почти 9 лет назад

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

CVE-2017-6314

CVSS3: 3.3

redhat

почти 9 лет назад

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

CVE-2017-6314

CVSS3: 5.5

debian

почти 9 лет назад

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...

GHSA-c8q7-3fq2-cvvg

CVSS3: 5.5

github

больше 3 лет назад

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

openSUSE-SU-2017:2393-1

suse-cvrf

больше 8 лет назад

Security update for gdk-pixbuf

EPSS

Процентиль: 61%

0.00421

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-835