Описание
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application.
Отчет
This issue did not affect the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gdk-pixbuf | Not affected | ||
| Red Hat Enterprise Linux 5 | firefox | Fixed | RHSA-2015:1586 | 11.08.2015 |
| Red Hat Enterprise Linux 5 | thunderbird | Fixed | RHSA-2015:1682 | 25.08.2015 |
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2015:1586 | 11.08.2015 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2015:1682 | 25.08.2015 |
| Red Hat Enterprise Linux 6 | gdk-pixbuf2 | Fixed | RHSA-2015:1694 | 31.08.2015 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2015:1586 | 11.08.2015 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2015:1682 | 25.08.2015 |
| Red Hat Enterprise Linux 7 | gdk-pixbuf2 | Fixed | RHSA-2015:1694 | 31.08.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Integer overflow in the make_filter_table function in pixops/pixops.c ...
EPSS
6.8 Medium
CVSS2