VYPR

rpm package

suse/gdk-pixbuf&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (5)

  • CVE-2017-2870HigSep 5, 2017
    affected < 2.34.0-19.5.1fixed 2.34.0-19.5.1

    An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger th

  • CVE-2017-2862HigSep 5, 2017
    affected < 2.34.0-19.5.1fixed 2.34.0-19.5.1

    An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulner

  • CVE-2017-6314MedMar 10, 2017
    affected < 2.34.0-19.5.1fixed 2.34.0-19.5.1

    The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

  • CVE-2017-6313HigMar 10, 2017
    affected < 2.34.0-19.5.1fixed 2.34.0-19.5.1

    Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

  • CVE-2017-6312MedMar 10, 2017
    affected < 2.34.0-19.5.1fixed 2.34.0-19.5.1

    Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.