[SECURITY] [DLA 450-1] gdk-pixbuf security update

2016-04-3018:07:22

lists.debian.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.8%

JSON

Package : gdk-pixbuf
Version : 2.26.1-1+deb7u4
CVE ID : CVE-2015-7552 CVE-2015-7674

A heap-based buffer overflow has been discovered in gdk-pixbuf, a
library for image loading and saving facilities, fast scaling and
compositing of pixbufs, that allows remote attackers to cause a denial
of service or possibly execute arbitrary code via a crafted BMP file.

This update also fixes an incomplete patch for CVE-2015-7674.

CVE-2015-7552
Heap-based buffer overflow in the gdk_pixbuf_flip function in
gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers to cause a
denial of service or possibly execute arbitrary code via a crafted
BMP file.

CVE-2015-7674
Integer overflow in the pixops_scale_nearest function in
pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers
to cause a denial of service (application crash) and possibly
execute arbitrary code via a crafted GIF image file, which triggers
a heap-based buffer overflow.

For Debian 7 "Wheezy", these problems have been fixed in version
2.26.1-1+deb7u4.

We recommend that you upgrade your gdk-pixbuf packages.

OSVersionArchitecturePackageVersionFilename
Debian8allgdk-pixbuf< 2.31.1-2+deb8u3gdk-pixbuf_2.31.1-2+deb8u3_all.deb
Debian6amd64libgail-common< 2.20.1-2+deb6u2libgail-common_2.20.1-2+deb6u2_amd64.deb
Debian8amd64libgdk-pixbuf2.0-0-udeb< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_amd64.deb
Debian8armellibgdk-pixbuf2.0-0-udeb< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_armel.deb
Debian8powerpclibgdk-pixbuf2.0-0-dbg< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_powerpc.deb
Debian8kfreebsd-amd64gir1.2-gdkpixbuf-2.0< 2.31.1-2+deb8u3gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u3_kfreebsd-amd64.deb
Debian8mipslibgdk-pixbuf2.0-0-udeb< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_mips.deb
Debian8ppc64ellibgdk-pixbuf2.0-0-dbg< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_ppc64el.deb
Debian8mipslibgdk-pixbuf2.0-0-dbg< 2.31.1-2+deb8u3libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_mips.deb
Debian7amd64gir1.2-gdkpixbuf-2.0< 2.26.1-1+deb7u4gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	gdk-pixbuf	< 2.31.1-2+deb8u3	gdk-pixbuf_2.31.1-2+deb8u3_all.deb
Debian	6	amd64	libgail-common	< 2.20.1-2+deb6u2	libgail-common_2.20.1-2+deb6u2_amd64.deb
Debian	8	amd64	libgdk-pixbuf2.0-0-udeb	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_amd64.deb
Debian	8	armel	libgdk-pixbuf2.0-0-udeb	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_armel.deb
Debian	8	powerpc	libgdk-pixbuf2.0-0-dbg	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_powerpc.deb
Debian	8	kfreebsd-amd64	gir1.2-gdkpixbuf-2.0	< 2.31.1-2+deb8u3	gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u3_kfreebsd-amd64.deb
Debian	8	mips	libgdk-pixbuf2.0-0-udeb	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u3_mips.deb
Debian	8	ppc64el	libgdk-pixbuf2.0-0-dbg	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_ppc64el.deb
Debian	8	mips	libgdk-pixbuf2.0-0-dbg	< 2.31.1-2+deb8u3	libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u3_mips.deb
Debian	7	amd64	gir1.2-gdkpixbuf-2.0	< 2.26.1-1+deb7u4	gir1.2-gdkpixbuf-2.0_2.26.1-1+deb7u4_amd64.deb