High severity7.8NVD Advisory· Published Jun 1, 2016· Updated May 6, 2026

CVE-2015-8875

Description

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.

Affected products

GNOME Foundation/Gdkpixbuf
cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*
Range: <=2.33
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2016/dsa-3589nvd
www.openwall.com/lists/oss-security/2016/05/12/3nvd
www.openwall.com/lists/oss-security/2016/05/16/1nvd
www.openwall.com/lists/oss-security/2016/05/17/7nvd
www.ubuntu.com/usn/USN-3085-1nvd
git.gnome.org/browse/gdk-pixbuf/commit/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000