Search criteria
38 vulnerabilities found for gdk-pixbuf by gnome
CVE-2021-46829 (GCVE-0-2021-46829)
Vulnerability from nvd – Published: 2022-07-24 18:47 – Updated: 2024-08-04 05:17
VLAI?
Summary
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T07:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/07/23/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46829",
"datePublished": "2022-07-24T18:47:35",
"dateReserved": "2022-07-24T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20240 (GCVE-0-2021-20240)
Vulnerability from nvd – Published: 2021-05-28 10:42 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
No CVSS data available.
CWE
- CWE-191 - >CWE-787
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | gdk-pixbuf |
Affected:
gdk-pixbuf 2.42.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:22.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdk-pixbuf",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gdk-pixbuf 2.42.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T10:47:55",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gdk-pixbuf",
"version": {
"version_data": [
{
"version_value": "gdk-pixbuf 2.42.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191-\u003eCWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-2e59756cbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20240",
"datePublished": "2021-05-28T10:42:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:22.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29385 (GCVE-0-2020-29385)
Vulnerability from nvd – Published: 2020-12-26 02:01 – Updated: 2024-08-04 16:55
VLAI?
Summary
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c-\u003eself_code equals 10, self-\u003ecode_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self-\u003ecode_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T22:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c-\u003eself_code equals 10, self-\u003ecode_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self-\u003ecode_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"name": "https://security.gentoo.org/glsa/202012-15",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"name": "https://ubuntu.com/security/CVE-2020-29385",
"refsource": "CONFIRM",
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29385",
"datePublished": "2020-12-26T02:01:49",
"dateReserved": "2020-11-30T00:00:00",
"dateUpdated": "2024-08-04T16:55:09.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2897 (GCVE-0-2011-2897)
Vulnerability from nvd – Published: 2019-11-12 13:37 – Updated: 2024-08-06 23:15
VLAI?
Summary
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
Severity ?
No CVSS data available.
CWE
- GIF loader buffer overflow when initializing decompression tables
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gdk-pixbuf | gdk-pixbuf |
Affected:
through 2.31.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdk-pixbuf",
"vendor": "gdk-pixbuf",
"versions": [
{
"status": "affected",
"version": "through 2.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "GIF loader buffer overflow when initializing decompression tables",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:37:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2897"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2897",
"datePublished": "2019-11-12T13:37:35",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12447 (GCVE-0-2017-12447)
Vulnerability from nvd – Published: 2019-03-07 22:00 – Updated: 2024-08-05 18:36
VLAI?
Summary
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3912-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-20T20:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3912-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=785979",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"name": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome",
"refsource": "MISC",
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3912-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12447",
"datePublished": "2019-03-07T22:00:00",
"dateReserved": "2017-08-04T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000422 (GCVE-0-2017-1000422)
Vulnerability from nvd – Published: 2018-01-02 20:00 – Updated: 2024-08-05 22:00
VLAI?
Summary
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"datePublic": "2017-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000422",
"REQUESTER": "junxzm@hotmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=785973",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000422",
"datePublished": "2018-01-02T20:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2870 (GCVE-0-2017-2870)
Vulnerability from nvd – Published: 2017-09-05 18:00 – Updated: 2024-09-16 17:48
VLAI?
Summary
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNOME | Gdk-Pixbuf |
Affected:
2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gdk-Pixbuf",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:51",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-30T00:00:00",
"ID": "CVE-2017-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gdk-Pixbuf",
"version": {
"version_data": [
{
"version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6"
}
]
}
}
]
},
"vendor_name": "GNOME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2870",
"datePublished": "2017-09-05T18:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T17:48:57.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2862 (GCVE-0-2017-2862)
Vulnerability from nvd – Published: 2017-09-05 18:00 – Updated: 2024-09-16 22:30
VLAI?
Summary
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNOME | Gdk-Pixbuf |
Affected:
2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gdk-Pixbuf",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:41",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-3978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-30T00:00:00",
"ID": "CVE-2017-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gdk-Pixbuf",
"version": {
"version_data": [
{
"version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2"
}
]
}
}
]
},
"vendor_name": "GNOME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3978",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2862",
"datePublished": "2017-09-05T18:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T22:30:21.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6314 (GCVE-0-2017-6314)
Vulnerability from nvd – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779020",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6314",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6313 (GCVE-0-2017-6313)
Vulnerability from nvd – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779016",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6313",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6312 (GCVE-0-2017-6312)
Vulnerability from nvd – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779012",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6312",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6311 (GCVE-0-2017-6311)
Vulnerability from nvd – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778204",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6311",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6352 (GCVE-0-2016-6352)
Vulnerability from nvd – Published: 2016-10-03 18:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-19T20:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=769170",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6352",
"datePublished": "2016-10-03T18:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8875 (GCVE-0-2015-8875)
Vulnerability from nvd – Published: 2016-06-01 22:00 – Updated: 2024-08-06 08:29
VLAI?
Summary
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3589",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-03T17:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3589",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3589",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8875",
"datePublished": "2016-06-01T22:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T08:29:22.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7674 (GCVE-0-2015-7674)
Vulnerability from nvd – Published: 2015-10-26 17:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa"
},
{
"name": "openSUSE-SU-2016:1467",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"name": "openSUSE-SU-2016:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news"
},
{
"name": "[oss-security] 20151005 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/05/7"
},
{
"name": "76955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76955"
},
{
"name": "USN-2767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/4"
},
{
"name": "[oss-security] 20151001 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/7"
},
{
"name": "DSA-3378",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/10"
},
{
"name": "GLSA-201512-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa"
},
{
"name": "openSUSE-SU-2016:1467",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"name": "openSUSE-SU-2016:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news"
},
{
"name": "[oss-security] 20151005 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/05/7"
},
{
"name": "76955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76955"
},
{
"name": "USN-2767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/4"
},
{
"name": "[oss-security] 20151001 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/7"
},
{
"name": "DSA-3378",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/10"
},
{
"name": "GLSA-201512-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa"
},
{
"name": "openSUSE-SU-2016:1467",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"name": "openSUSE-SU-2016:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news"
},
{
"name": "[oss-security] 20151005 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/05/7"
},
{
"name": "76955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76955"
},
{
"name": "USN-2767-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/4"
},
{
"name": "[oss-security] 20151001 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/7"
},
{
"name": "DSA-3378",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow with a gif file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/10"
},
{
"name": "GLSA-201512-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7674",
"datePublished": "2015-10-26T17:00:00",
"dateReserved": "2015-10-02T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7673 (GCVE-0-2015-7673)
Vulnerability from nvd – Published: 2015-10-26 17:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/3"
},
{
"name": "76953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76953"
},
{
"name": "openSUSE-SU-2016:1467",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news"
},
{
"name": "openSUSE-SU-2016:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d"
},
{
"name": "USN-2767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/9"
},
{
"name": "DSA-3378",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e"
},
{
"name": "GLSA-201512-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/3"
},
{
"name": "76953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76953"
},
{
"name": "openSUSE-SU-2016:1467",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news"
},
{
"name": "openSUSE-SU-2016:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d"
},
{
"name": "USN-2767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/9"
},
{
"name": "DSA-3378",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e"
},
{
"name": "GLSA-201512-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c"
},
{
"name": "[oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/3"
},
{
"name": "76953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76953"
},
{
"name": "openSUSE-SU-2016:1467",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news"
},
{
"name": "openSUSE-SU-2016:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d"
},
{
"name": "USN-2767-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2767-1"
},
{
"name": "[oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf \u003c 2.32.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/02/9"
},
{
"name": "DSA-3378",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3378"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e"
},
{
"name": "GLSA-201512-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7673",
"datePublished": "2015-10-26T17:00:00",
"dateReserved": "2015-10-02T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46829 (GCVE-0-2021-46829)
Vulnerability from cvelistv5 – Published: 2022-07-24 18:47 – Updated: 2024-08-04 05:17
VLAI?
Summary
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T07:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/07/23/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/23/1"
},
{
"name": "[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/25/1"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md"
},
{
"name": "FEDORA-2022-7254ec5e96",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/"
},
{
"name": "DSA-5228",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46829",
"datePublished": "2022-07-24T18:47:35",
"dateReserved": "2022-07-24T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20240 (GCVE-0-2021-20240)
Vulnerability from cvelistv5 – Published: 2021-05-28 10:42 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
No CVSS data available.
CWE
- CWE-191 - >CWE-787
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | gdk-pixbuf |
Affected:
gdk-pixbuf 2.42.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:22.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdk-pixbuf",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gdk-pixbuf 2.42.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T10:47:55",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gdk-pixbuf",
"version": {
"version_data": [
{
"version_value": "gdk-pixbuf 2.42.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191-\u003eCWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-2e59756cbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20240",
"datePublished": "2021-05-28T10:42:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:22.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29385 (GCVE-0-2020-29385)
Vulnerability from cvelistv5 – Published: 2020-12-26 02:01 – Updated: 2024-08-04 16:55
VLAI?
Summary
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c-\u003eself_code equals 10, self-\u003ecode_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self-\u003ecode_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T22:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c-\u003eself_code equals 10, self-\u003ecode_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self-\u003ecode_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS"
},
{
"name": "https://security.gentoo.org/glsa/202012-15",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202012-15"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"
},
{
"name": "https://ubuntu.com/security/CVE-2020-29385",
"refsource": "CONFIRM",
"url": "https://ubuntu.com/security/CVE-2020-29385"
},
{
"name": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164"
},
{
"name": "FEDORA-2021-2e59756cbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"
},
{
"name": "FEDORA-2021-755ba8968a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"
},
{
"name": "FEDORA-2021-c918632e13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29385",
"datePublished": "2020-12-26T02:01:49",
"dateReserved": "2020-11-30T00:00:00",
"dateUpdated": "2024-08-04T16:55:09.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2897 (GCVE-0-2011-2897)
Vulnerability from cvelistv5 – Published: 2019-11-12 13:37 – Updated: 2024-08-06 23:15
VLAI?
Summary
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
Severity ?
No CVSS data available.
CWE
- GIF loader buffer overflow when initializing decompression tables
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gdk-pixbuf | gdk-pixbuf |
Affected:
through 2.31.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdk-pixbuf",
"vendor": "gdk-pixbuf",
"versions": [
{
"status": "affected",
"version": "through 2.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "GIF loader buffer overflow when initializing decompression tables",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:37:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2897"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2897",
"datePublished": "2019-11-12T13:37:35",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12447 (GCVE-0-2017-12447)
Vulnerability from cvelistv5 – Published: 2019-03-07 22:00 – Updated: 2024-08-05 18:36
VLAI?
Summary
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3912-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-20T20:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3912-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=785979",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"
},
{
"name": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome",
"refsource": "MISC",
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"
},
{
"name": "USN-3912-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3912-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12447",
"datePublished": "2019-03-07T22:00:00",
"dateReserved": "2017-08-04T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000422 (GCVE-0-2017-1000422)
Vulnerability from cvelistv5 – Published: 2018-01-02 20:00 – Updated: 2024-08-05 22:00
VLAI?
Summary
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"datePublic": "2017-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201804-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000422",
"REQUESTER": "junxzm@hotmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=785973",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=785973"
},
{
"name": "DSA-4088",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4088"
},
{
"name": "USN-3532-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3532-1/"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html"
},
{
"name": "GLSA-201804-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000422",
"datePublished": "2018-01-02T20:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2870 (GCVE-0-2017-2870)
Vulnerability from cvelistv5 – Published: 2017-09-05 18:00 – Updated: 2024-09-16 17:48
VLAI?
Summary
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNOME | Gdk-Pixbuf |
Affected:
2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gdk-Pixbuf",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:51",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-30T00:00:00",
"ID": "CVE-2017-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gdk-Pixbuf",
"version": {
"version_data": [
{
"version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6"
}
]
}
}
]
},
"vendor_name": "GNOME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2870",
"datePublished": "2017-09-05T18:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T17:48:57.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2862 (GCVE-0-2017-2862)
Vulnerability from cvelistv5 – Published: 2017-09-05 18:00 – Updated: 2024-09-16 22:30
VLAI?
Summary
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNOME | Gdk-Pixbuf |
Affected:
2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gdk-Pixbuf",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:41",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-3978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-30T00:00:00",
"ID": "CVE-2017-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gdk-Pixbuf",
"version": {
"version_data": [
{
"version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2"
}
]
}
}
]
},
"vendor_name": "GNOME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3978",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100541"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2862",
"datePublished": "2017-09-05T18:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T22:30:21.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6314 (GCVE-0-2017-6314)
Vulnerability from cvelistv5 – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779020",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
},
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6314",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6312 (GCVE-0-2017-6312)
Vulnerability from cvelistv5 – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779012",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779012"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6312",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6311 (GCVE-0-2017-6311)
Vulnerability from cvelistv5 – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778204",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778204"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6311",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6313 (GCVE-0-2017-6313)
Vulnerability from cvelistv5 – Published: 2017-03-10 02:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=779016",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"name": "FEDORA-2020-418ce730df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/"
},
{
"name": "FEDORA-2020-a718b79006",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6313",
"datePublished": "2017-03-10T02:00:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6352 (GCVE-0-2016-6352)
Vulnerability from cvelistv5 – Published: 2016-10-03 18:00 – Updated: 2024-08-06 01:29
VLAI?
Summary
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-19T20:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
},
{
"name": "USN-3085-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=769170",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
},
{
"name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6352",
"datePublished": "2016-10-03T18:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8875 (GCVE-0-2015-8875)
Vulnerability from cvelistv5 – Published: 2016-06-01 22:00 – Updated: 2024-08-06 08:29
VLAI?
Summary
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3589",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-03T17:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3589",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3589",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3589"
},
{
"name": "[oss-security] 20160516 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/16/1"
},
{
"name": "USN-3085-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3085-1"
},
{
"name": "[oss-security] 20160512 Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/12/3"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22"
},
{
"name": "[oss-security] 20160517 Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/17/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8875",
"datePublished": "2016-06-01T22:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T08:29:22.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}