7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.5%
Package : gdk-pixbuf
Version : 2.31.1-2+deb8u8
CVE ID : CVE-2016-6352 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313
CVE-2017-6314
Several issues in gdk-pixbuf, a library to handle pixbuf, have been found.
CVE-2016-6352
fix for denial of service (out-of-bounds write and crash) via
crafted dimensions in an ICO file
CVE-2017-2870
Fix for an exploitable integer overflow vulnerability in the
tiff_image_parse functionality. When software is compiled with
clang, A specially crafted tiff file can cause a heap-overflow
resulting in remote code execution. Debian package is compiled
with gcc and is not affected, but probably some downstream is.
CVE-2017-6312
Fix for an integer overflow in io-ico.c that allows attackers
to cause a denial of service (segmentation fault and application
crash) via a crafted image
CVE-2017-6313
Fix for an integer underflow in the load_resources function in
io-icns.c that allows attackers to cause a denial of service
(out-of-bounds read and program crash) via a crafted image entry
size in an ICO file
CVE-2017-6314
Fix for an infinite loop in the make_available_at_least function
in io-tiff.c that allows attackers to cause a denial of service
via a large TIFF file.
For Debian 8 "Jessie", these problems have been fixed in version
2.31.1-2+deb8u8.
We recommend that you upgrade your gdk-pixbuf packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.5%