Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:2393-1

Опубликовано: 08 сент. 2017
Источник: suse-cvrf

Описание

Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues:

  • CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (bsc#1048289)
  • CVE-2017-2870: tiff_image_parse Code Execution Vulnerability (bsc#1048544)
  • CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024)
  • CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025)
  • CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
gdk-pixbuf-2.34.0-10.1
gdk-pixbuf-devel-2.34.0-10.1
gdk-pixbuf-devel-32bit-2.34.0-10.1
gdk-pixbuf-lang-2.34.0-10.1
gdk-pixbuf-query-loaders-2.34.0-10.1
gdk-pixbuf-query-loaders-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-2.34.0-10.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-10.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-10.1
openSUSE Leap 42.3
gdk-pixbuf-2.34.0-10.1
gdk-pixbuf-devel-2.34.0-10.1
gdk-pixbuf-devel-32bit-2.34.0-10.1
gdk-pixbuf-lang-2.34.0-10.1
gdk-pixbuf-query-loaders-2.34.0-10.1
gdk-pixbuf-query-loaders-32bit-2.34.0-10.1
libgdk_pixbuf-2_0-0-2.34.0-10.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-10.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-10.1

Ссылки

Описание

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Затронутые продукты
openSUSE Leap 42.2:gdk-pixbuf-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-32bit-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-lang-2.34.0-10.1
Ссылки

Описание

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

Затронутые продукты
openSUSE Leap 42.2:gdk-pixbuf-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-32bit-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-lang-2.34.0-10.1
Ссылки

Описание

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Затронутые продукты
openSUSE Leap 42.2:gdk-pixbuf-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-32bit-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-lang-2.34.0-10.1
Ссылки

Описание

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

Затронутые продукты
openSUSE Leap 42.2:gdk-pixbuf-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-32bit-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-lang-2.34.0-10.1
Ссылки

Описание

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

Затронутые продукты
openSUSE Leap 42.2:gdk-pixbuf-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-devel-32bit-2.34.0-10.1
openSUSE Leap 42.2:gdk-pixbuf-lang-2.34.0-10.1
Ссылки
Уязвимость openSUSE-SU-2017:2393-1