High severity7.5NVD Advisory· Published Oct 3, 2016· Updated Jun 17, 2026
CVE-2016-6352
CVE-2016-6352
Description
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*range: <=2.35.2
- (no CPE)range: <2.35.3
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/gdk-pixbuf&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 2.36.0-1.1+ 3 more
- (no CPE)range: < 2.36.0-1.1
- (no CPE)range: < 2.18.9-0.44.1
- (no CPE)range: < 2.18.9-0.44.1
- (no CPE)range: < 2.18.9-0.44.1
Patches
Vulnerability mechanics
References
8- www.openwall.com/lists/oss-security/2016/07/13/11nvdExploitRelease Notes
- bugzilla.gnome.org/show_bug.cginvdExploitIssue TrackingThird Party AdvisoryVDB Entry
- git.gnome.org/browse/gdk-pixbuf/commit/nvdExploitVendor Advisory
- lists.opensuse.org/opensuse-updates/2016-09/msg00040.htmlnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/26/11nvdThird Party Advisory
- www.ubuntu.com/usn/USN-3085-1nvdThird Party Advisory
- git.gnome.org/browse/gdk-pixbuf/tree/NEWSnvdRelease NotesVendor Advisory
- lists.debian.org/debian-lts-announce/2019/12/msg00025.htmlnvd
News mentions
0No linked articles in our index yet.