rpm package
suse/gdk-pixbuf&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2870 | Hig | 7.8 | | < 2.34.0-19.5.1 | 2.34.0-19.5.1 | Sep 5, 2017 | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger th |
| CVE-2017-2862 | Hig | 7.8 | | < 2.34.0-19.5.1 | 2.34.0-19.5.1 | Sep 5, 2017 | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulner |
| CVE-2017-6314 | Med | 5.5 | | < 2.34.0-19.5.1 | 2.34.0-19.5.1 | Mar 10, 2017 | The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. |
| CVE-2017-6313 | Hig | 7.1 | | < 2.34.0-19.5.1 | 2.34.0-19.5.1 | Mar 10, 2017 | Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. |
| CVE-2017-6312 | Med | 5.5 | | < 2.34.0-19.5.1 | 2.34.0-19.5.1 | Mar 10, 2017 | Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. |