ID DEBIAN_DSA-3378.NASL Type nessus Reporter This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2015-10-26T00:00:00
Description
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2015-7673
Gustavo Grieco discovered a heap overflow in the
processing of TGA images which may result in the
execution of arbitrary code or denial of service
(process crash) if a malformed image is opened.
CVE-2015-7674
Gustavo Grieco discovered an integer overflow flaw in
the processing of GIF images which may result in the
execution of arbitrary code or denial of service
(process crash) if a malformed image is opened.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3378. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when `description` is set, this block only declares the
# plugin's metadata and leaves through the exit(0) at its end, so none of the
# package checks further down run in this pass.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(86581);
script_version("2.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# Cross-references used to correlate this finding with CVE and DSA records.
script_cve_id("CVE-2015-7673", "CVE-2015-7674");
script_xref(name:"DSA", value:"3378");
script_name(english:"Debian DSA-3378-1 : gdk-pixbuf - security update");
# The summary states the detection method: installed package versions from
# dpkg output are inspected; no image is parsed and nothing is sent to the
# library under test.
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
# Advisory text; per the file header it is extracted from DSA-3378.
# Both issues are reached by opening a malformed image (TGA or GIF).
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. The Common
Vulnerabilities and Exposures project identifies the following
problems :
- CVE-2015-7673
Gustavo Grieco discovered a heap overflow in the
processing of TGA images which may result in the
execution of arbitrary code or denial of service
(process crash) if a malformed image is opened.
- CVE-2015-7674
Gustavo Grieco discovered an integer overflow flaw in
the processing of GIF images which may result in the
execution of arbitrary code or denial of service
(process crash) if a malformed image is opened."
);
# Reference links: per-CVE Debian tracker pages, the source package pages for
# wheezy and jessie, and the advisory itself.
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-7673"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-7674"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/gdk-pixbuf"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/gdk-pixbuf"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2015/dsa-3378"
);
# Remediation text. The two fixed versions named here are the same reference
# versions the package checks below compare against.
script_set_attribute(
attribute:"solution",
value:
"Upgrade the gdk-pixbuf packages.
For the oldstable distribution (wheezy), these problems have been
fixed in version 2.26.1-1+deb7u2.
For the stable distribution (jessie), these problems have been fixed
in version 2.31.1-2+deb8u3."
);
# CVSS v2 base vector: network access vector, medium access complexity, no
# authentication, partial confidentiality / integrity / availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
# "local" plugin type: the result is derived from data collected on the host
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs: the affected Debian package plus the two Debian releases covered.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdk-pixbuf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
# Declared prerequisites: ssh_get_info.nasl as a dependency and three KB keys.
# NOTE(review): presumably ssh_get_info.nasl is what fills in the
# Host/Debian/* keys during a credentialed scan -- confirm against that plugin.
# On a host scanned without working credentials these keys would be absent and
# the plugin yields no finding, which is not evidence that the host is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
# End of the registration pass.
exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions. Each audit() call reports why the check cannot run: local
# checks not enabled, host not identified as Debian, or no dpkg package list
# in the knowledge base. audit() is defined in audit.inc (not shown here).
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Number of deb_check() calls that returned true.
# NOTE(review): deb_check() lives in debian_package.inc (not shown); presumably
# it is true when the named package is installed on the given release at a
# version older than `reference` -- confirm against that include.
flag = 0;

# Debian 7 (wheezy): binary packages compared against 2.26.1-1+deb7u2.
dsa3378_fixed_deb7 = "2.26.1-1+deb7u2";
dsa3378_pkgs_deb7 = make_list(
  "gir1.2-gdkpixbuf-2.0",
  "libgdk-pixbuf2.0-0",
  "libgdk-pixbuf2.0-common",
  "libgdk-pixbuf2.0-dev",
  "libgdk-pixbuf2.0-doc"
);
foreach dsa3378_pkg (dsa3378_pkgs_deb7)
{
  if (deb_check(release:"7.0", prefix:dsa3378_pkg, reference:dsa3378_fixed_deb7)) flag++;
}

# Debian 8 (jessie): binary packages compared against 2.31.1-2+deb8u3.
# The list also carries the -dbg package, which the wheezy list does not.
dsa3378_fixed_deb8 = "2.31.1-2+deb8u3";
dsa3378_pkgs_deb8 = make_list(
  "gir1.2-gdkpixbuf-2.0",
  "libgdk-pixbuf2.0-0",
  "libgdk-pixbuf2.0-0-dbg",
  "libgdk-pixbuf2.0-common",
  "libgdk-pixbuf2.0-dev",
  "libgdk-pixbuf2.0-doc"
);
foreach dsa3378_pkg (dsa3378_pkgs_deb8)
{
  if (deb_check(release:"8.0", prefix:dsa3378_pkg, reference:dsa3378_fixed_deb8)) flag++;
}

# Verdict. This is a package-version comparison only: it does not show that a
# vulnerable image loader is reachable, and it cannot tell whether processes
# started before an upgrade still have the old library mapped, so restart
# long-running consumers of gdk-pixbuf after patching.
if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # With verbosity enabled, attach the package detail from deb_report_get().
  if (report_verbosity > 0)
    security_warning(port:0, extra:deb_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "DEBIAN_DSA-3378.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-3378-1 : gdk-pixbuf - security update", "description": "Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2015-7673\n Gustavo Grieco discovered a heap overflow in the\n processing of TGA images which may result in the\n execution of arbitrary code or denial of service\n (process crash) if a malformed image is opened.\n\n - CVE-2015-7674\n Gustavo Grieco discovered an integer overflow flaw in\n the processing of GIF images which may result in the\n execution of arbitrary code or denial of service\n (process crash) if a malformed image is opened.", "published": "2015-10-26T00:00:00", "modified": "2015-10-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/86581", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://www.debian.org/security/2015/dsa-3378", "https://packages.debian.org/source/wheezy/gdk-pixbuf", "https://security-tracker.debian.org/tracker/CVE-2015-7674", "https://packages.debian.org/source/jessie/gdk-pixbuf", "https://security-tracker.debian.org/tracker/CVE-2015-7673"], "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "type": "nessus", "lastseen": "2021-01-12T09:49:16", "edition": 21, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-7674", "CVE-2015-7673"]}, {"type": "ubuntu", "idList": ["USN-2767-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121427", "OPENVAS:1361412562310703378", "OPENVAS:1361412562310842486", "OPENVAS:703378", "OPENVAS:1361412562310130005"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14741", "SECURITYVULNS:DOC:32574"]}, {"type": "debian", "idList": ["DEBIAN:DLA-450-1:4632E", "DEBIAN:DSA-3378-1:B2F14", "DEBIAN:DLA-434-1:52778"]}, {"type": "archlinux", "idList": ["ASA-201510-6"]}, {"type": "freebsd", "idList": ["9272A5B0-6B40-11E5-BD7F-BCAEC565249C"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201512-05.NASL", "OPENSUSE-2016-405.NASL", "OPENSUSE-2016-669.NASL", "UBUNTU_USN-2767-1.NASL", "SUSE_SU-2015-1787-1.NASL", "SUSE_SU-2015-2195-2.NASL", "SUSE_SU-2015-2195-1.NASL", "DEBIAN_DLA-450.NASL", "FREEBSD_PKG_9272A5B06B4011E5BD7FBCAEC565249C.NASL", "DEBIAN_DLA-434.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DFE291B6AA9E97F0C85DEB2AA18E0080"]}, {"type": "gentoo", "idList": ["GLSA-201512-05"]}], "modified": "2021-01-12T09:49:16", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-12T09:49:16", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3378. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86581);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_xref(name:\"DSA\", value:\"3378\");\n\n script_name(english:\"Debian DSA-3378-1 : gdk-pixbuf - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2015-7673\n Gustavo Grieco discovered a heap overflow in the\n processing of TGA images which may result in the\n execution of arbitrary code or denial of service\n (process crash) if a malformed image is opened.\n\n - CVE-2015-7674\n Gustavo Grieco discovered an integer overflow flaw in\n the processing of GIF images which may result in the\n execution of arbitrary code or denial of service\n (process crash) if a malformed image is opened.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/gdk-pixbuf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/gdk-pixbuf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.debian.org/security/2015/dsa-3378\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gdk-pixbuf packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 2.26.1-1+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.31.1-2+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"gir1.2-gdkpixbuf-2.0\", reference:\"2.26.1-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-0\", reference:\"2.26.1-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-common\", reference:\"2.26.1-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-dev\", reference:\"2.26.1-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-doc\", reference:\"2.26.1-1+deb7u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gir1.2-gdkpixbuf-2.0\", reference:\"2.31.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgdk-pixbuf2.0-0\", reference:\"2.31.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgdk-pixbuf2.0-0-dbg\", reference:\"2.31.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgdk-pixbuf2.0-common\", reference:\"2.31.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgdk-pixbuf2.0-dev\", reference:\"2.31.1-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgdk-pixbuf2.0-doc\", reference:\"2.31.1-2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "86581", "cpe": 
["p-cpe:/a:debian:debian_linux:gdk-pixbuf", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T20:03:07", "description": "io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.", "edition": 5, "cvss3": {}, "published": "2015-10-26T17:59:00", "title": "CVE-2015-7673", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7673"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:gnome:gdk-pixbuf:2.31.4", "cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2015-7673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7673", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnome:gdk-pixbuf:2.31.4:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:07", "description": "Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.", "edition": 5, "cvss3": {}, "published": "2015-10-26T17:59:00", "title": "CVE-2015-7674", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7674"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:gnome:gdk-pixbuf:2.32.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-7674", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7674", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gdk-pixbuf:2.32.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:41:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "Gustavo Grieco discovered that the GDK-PixBuf library did not properly \nhandle scaling tga image files, leading to a heap overflow. If a \nuser or automated system were tricked into opening a tga image file, \na remote attacker could use this flaw to cause GDK-PixBuf to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7673)\n\nGustavo Grieco discovered that the GDK-PixBuf library contained \nan integer overflow when handling certain GIF images. If a user \nor automated system were tricked into opening a GIF image file, \na remote attacker could use this flaw to cause GDK-PixBuf to crash, \nresulting in a denial of service, or possibly execute arbitrary code. 
\n(CVE-2015-7674)", "edition": 5, "modified": "2015-10-13T00:00:00", "published": "2015-10-13T00:00:00", "id": "USN-2767-1", "href": "https://ubuntu.com/security/notices/USN-2767-1", "title": "GDK-PixBuf vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:53:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "Several vulnerabilities have\nbeen discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer\nmanipulation. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7673 \nGustavo Grieco discovered a heap overflow in the processing of TGA\nimages which may result in the execution of arbitrary code or denial\nof service (process crash) if a malformed image is opened.\n\nCVE-2015-7674 \nGustavo Grieco discovered an integer overflow flaw in the processing\nof GIF images which may result in the execution of arbitrary code or\ndenial of service (process crash) if a malformed image is opened.", "modified": "2017-07-07T00:00:00", "published": "2015-10-24T00:00:00", "id": "OPENVAS:703378", "href": "http://plugins.openvas.org/nasl.php?oid=703378", "type": "openvas", "title": "Debian Security Advisory DSA 3378-1 (gdk-pixbuf - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3378.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3378-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at 
your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703378);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_name(\"Debian Security Advisory DSA 3378-1 (gdk-pixbuf - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-24 00:00:00 +0200 (Sat, 24 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3378.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"gdk-pixbuf on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 2.26.1-1+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.32.1-1 or 
earlier.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.32.1-1 or earlier.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have\nbeen discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer\nmanipulation. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7673 \nGustavo Grieco discovered a heap overflow in the processing of TGA\nimages which may result in the execution of arbitrary code or denial\nof service (process crash) if a malformed image is opened.\n\nCVE-2015-7674 \nGustavo Grieco discovered an integer overflow flaw in the processing\nof GIF images which may result in the execution of arbitrary code or\ndenial of service (process crash) if a malformed image is opened.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gir1.2-gdkpixbuf-2.0\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:i386\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:amd64\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-common\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-dev\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-doc\", ver:\"2.26.1-1+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gir1.2-gdkpixbuf-2.0\", 
ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:i386\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:amd64\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0-dbg:i386\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0-dbg:amd64\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-common\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-dev\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-doc\", ver:\"2.31.1-2+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "Several vulnerabilities have\nbeen discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer\nmanipulation. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7673\nGustavo Grieco discovered a heap overflow in the processing of TGA\nimages which may result in the execution of arbitrary code or denial\nof service (process crash) if a malformed image is opened.\n\nCVE-2015-7674\nGustavo Grieco discovered an integer overflow flaw in the processing\nof GIF images which may result in the execution of arbitrary code or\ndenial of service (process crash) if a malformed image is opened.", "modified": "2019-03-18T00:00:00", "published": "2015-10-24T00:00:00", "id": "OPENVAS:1361412562310703378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703378", "type": "openvas", "title": "Debian Security Advisory DSA 3378-1 (gdk-pixbuf - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3378.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3378-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703378\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_name(\"Debian Security Advisory DSA 3378-1 (gdk-pixbuf - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-24 00:00:00 +0200 (Sat, 24 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3378.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"gdk-pixbuf on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 2.26.1-1+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.32.1-1 or earlier.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.32.1-1 or earlier.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\");\n 
script_tag(name:\"summary\", value:\"Several vulnerabilities have\nbeen discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer\nmanipulation. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2015-7673\nGustavo Grieco discovered a heap overflow in the processing of TGA\nimages which may result in the execution of arbitrary code or denial\nof service (process crash) if a malformed image is opened.\n\nCVE-2015-7674\nGustavo Grieco discovered an integer overflow flaw in the processing\nof GIF images which may result in the execution of arbitrary code or\ndenial of service (process crash) if a malformed image is opened.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gir1.2-gdkpixbuf-2.0\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:i386\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:amd64\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-common\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-dev\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-doc\", ver:\"2.26.1-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gir1.2-gdkpixbuf-2.0\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:i386\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0:amd64\", 
ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0-dbg:i386\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0-dbg:amd64\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-common\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-dev\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-doc\", ver:\"2.31.1-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-10-14T00:00:00", "id": "OPENVAS:1361412562310842486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842486", "type": "openvas", "title": "Ubuntu Update for gdk-pixbuf USN-2767-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for gdk-pixbuf USN-2767-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842486\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-14 08:04:53 +0200 (Wed, 14 Oct 2015)\");\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for gdk-pixbuf USN-2767-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdk-pixbuf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Gustavo Grieco discovered that the GDK-PixBuf library did not properly\nhandle scaling tga image files, leading to a heap overflow. If a\nuser or automated system were tricked into opening a tga image file,\na remote attacker could use this flaw to cause GDK-PixBuf to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7673)\n\nGustavo Grieco discovered that the GDK-PixBuf library contained\nan integer overflow when handling certain GIF images. 
If a user\nor automated system were tricked into opening a GIF image file,\na remote attacker could use this flaw to cause GDK-PixBuf to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7674)\");\n script_tag(name:\"affected\", value:\"gdk-pixbuf on Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2767-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2767-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0\", ver:\"2.31.3-1ubuntu0.2\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0\", ver:\"2.30.7-0ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdk-pixbuf2.0-0\", ver:\"2.26.1-1ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:29", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "Mageia Linux Local Security Checks mgasa-2015-0388", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130005", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0388.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130005\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 06:54:58 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0388\");\n script_tag(name:\"insight\", value:\"Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash (CVE-2015-7673). Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.1. 
This issue is triggered by the scaling of a malformed gif format image (CVE-2015-7674).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0388.html\");\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0388\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"gdk-pixbuf2.0\", rpm:\"gdk-pixbuf2.0~2.32.1~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "description": "Gentoo Linux Local Security Checks GLSA 201512-05", "modified": "2018-10-26T00:00:00", "published": "2015-12-22T00:00:00", "id": "OPENVAS:1361412562310121427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121427", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201512-05", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: glsa-201512-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121427\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-22 06:47:50 +0200 (Tue, 22 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201512-05\");\n script_tag(name:\"insight\", value:\"Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201512-05\");\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201512-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"x11-libs/gdk-pixbuf\", unaffected: make_list(\"ge 2.32.1\"), vulnerable: make_list(\"lt 2.32.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2767-1\r\nOctober 13, 2015\r\n\r\ngdk-pixbuf vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nGDK-PixBuf could be made to crash or run programs as your login if it\r\nopened a 
specially crafted file.\r\n\r\nSoftware Description:\r\n- gdk-pixbuf: GDK Pixbuf library\r\n\r\nDetails:\r\n\r\nGustavo Grieco discovered that the GDK-PixBuf library did not properly\r\nhandle scaling tga image files, leading to a heap overflow. If a\r\nuser or automated system were tricked into opening a tga image file,\r\na remote attacker could use this flaw to cause GDK-PixBuf to crash,\r\nresulting in a denial of service, or possibly execute arbitrary code.\r\n(CVE-2015-7673)\r\n\r\nGustavo Grieco discovered that the GDK-PixBuf library contained\r\nan integer overflow when handling certain GIF images. If a user\r\nor automated system were tricked into opening a GIF image file,\r\na remote attacker could use this flaw to cause GDK-PixBuf to crash,\r\nresulting in a denial of service, or possibly execute arbitrary code.\r\n(CVE-2015-7674)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libgdk-pixbuf2.0-0 2.31.3-1ubuntu0.2\r\n\r\nUbuntu 14.04 LTS:\r\n libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.2\r\n\r\nUbuntu 12.04 LTS:\r\n libgdk-pixbuf2.0-0 2.26.1-1ubuntu1.3\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2767-1\r\n CVE-2015-7673, CVE-2015-7674\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.31.3-1ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.30.7-0ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.26.1-1ubuntu1.3\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32574", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:32574", "title": "[USN-2767-1] GDK-PixBuf vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "description": "Buffer overflow, integer overflow, on graphic formats processing.", "edition": 1, "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14741", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14741", "title": "GDK-PixBuf security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T00:57:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3378-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 24, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gdk-pixbuf\nCVE ID : CVE-2015-7673 CVE-2015-7674\n\nSeveral vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-7673\n\n Gustavo Grieco discovered a heap overflow in the processing of TGA\n images which may result in the execution of arbitrary code or denial\n of service (process crash) if a malformed image is opened.\n\nCVE-2015-7674\n\n Gustavo Grieco discovered an integer overflow flaw in the processing\n of GIF images which may result in the execution of arbitrary code or\n denial of service (process crash) if a malformed image is opened.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.26.1-1+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.32.1-1 or earlier.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.32.1-1 or earlier.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2015-10-24T20:45:05", "published": "2015-10-24T20:45:05", "id": "DEBIAN:DSA-3378-1:B2F14", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00277.html", "title": "[SECURITY] [DSA 3378-1] gdk-pixbuf security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:28:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "description": "Package : gtk+2.0\nVersion : 2.20.1-2+deb6u2\nCVE ID : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674\n\nGustavo Grieco discovered different security issues in Gtk+2.0's\ngdk-pixbuf.\n\nCVE-2015-4491\n\n Heap overflow when processing BMP 
images which may allow the execution\n of arbitrary code via malformed images.\n\nCVE-2015-7673\n\n Heap overflow when processing TGA images which may allow execution of\n arbitrary code or denial of service (process crash) via malformed\n images.\n\nCVE-2015-7674\n\n Integer overflow when processing GIF images which may allow the\n execution of arbitrary code or denial of service (process crash) via\n a malformed image.\n\nFor Debian 6 "Squeeze", these issues have been fixed in gtk+2.0 version\n2.20.1-2+deb6u2. We recommend that you upgrade your gtk+2.0 packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n", "edition": 9, "modified": "2016-02-27T15:17:14", "published": "2016-02-27T15:17:14", "id": "DEBIAN:DLA-434-1:52778", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201602/msg00026.html", "title": "[SECURITY] [DLA 434-1] gtk+2.0 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7552", "CVE-2015-7674"], "description": "Package : gdk-pixbuf\nVersion : 2.26.1-1+deb7u4\nCVE ID : CVE-2015-7552 CVE-2015-7674\n\nA heap-based buffer overflow has been discovered in gdk-pixbuf, a\nlibrary for image loading and saving facilities, fast scaling and\ncompositing of pixbufs, that allows remote attackers to cause a denial\nof service or possibly execute arbitrary code via a crafted BMP file.\n\nThis update also fixes an incomplete patch for CVE-2015-7674.\n\nCVE-2015-7552\n Heap-based buffer overflow in the gdk_pixbuf_flip function in\n gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers to cause a\n denial of service or possibly execute arbitrary code via a crafted\n BMP file.\n\n\nCVE-2015-7674\n Integer overflow in the pixops_scale_nearest function in\n pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers\n to cause a 
denial of service (application crash) and possibly\n execute arbitrary code via a crafted GIF image file, which triggers\n a heap-based buffer overflow.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.26.1-1+deb7u4.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n", "edition": 3, "modified": "2016-04-30T18:07:38", "published": "2016-04-30T18:07:38", "id": "DEBIAN:DLA-450-1:4632E", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201604/msg00004.html", "title": "[SECURITY] [DLA 450-1] gdk-pixbuf security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-23T18:55:28", "description": "Gustavo Grieco discovered that the GDK-PixBuf library did not properly\nhandle scaling tga image files, leading to a heap overflow. If a user\nor automated system were tricked into opening a tga image file, a\nremote attacker could use this flaw to cause GDK-PixBuf to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7673)\n\nGustavo Grieco discovered that the GDK-PixBuf library contained an\ninteger overflow when handling certain GIF images. If a user or\nautomated system were tricked into opening a GIF image file, a remote\nattacker could use this flaw to cause GDK-PixBuf to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7674).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2015-10-14T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gdk-pixbuf vulnerabilities (USN-2767-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "modified": "2015-10-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2.0-0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2767-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86379", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2767-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86379);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n script_xref(name:\"USN\", value:\"2767-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gdk-pixbuf vulnerabilities (USN-2767-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Grieco discovered that the GDK-PixBuf library did not properly\nhandle scaling tga image files, leading to a heap overflow. 
If a user\nor automated system were tricked into opening a tga image file, a\nremote attacker could use this flaw to cause GDK-PixBuf to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7673)\n\nGustavo Grieco discovered that the GDK-PixBuf library contained an\ninteger overflow when handling certain GIF images. If a user or\nautomated system were tricked into opening a GIF image file, a remote\nattacker could use this flaw to cause GDK-PixBuf to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7674).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2767-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgdk-pixbuf2.0-0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libgdk-pixbuf2.0-0\", pkgver:\"2.26.1-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libgdk-pixbuf2.0-0\", pkgver:\"2.30.7-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libgdk-pixbuf2.0-0\", pkgver:\"2.31.3-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgdk-pixbuf2.0-0\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:47:27", "description": "reports :\n\nWe found a heap overflow and a DoS in the gdk-pixbuf implementation\ntriggered by the scaling of tga file.\n\nWe found a heap overflow in the gdk-pixbuf implementation triggered by\nthe scaling of gif file.", "edition": 22, "published": "2015-10-06T00:00:00", "title": "FreeBSD : gdk-pixbuf2 -- head overflow and DoS (9272a5b0-6b40-11e5-bd7f-bcaec565249c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "modified": "2015-10-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gdk-pixbuf2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9272A5B06B4011E5BD7FBCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/86278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source 
(VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86278);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"FreeBSD : gdk-pixbuf2 -- head overflow and DoS (9272a5b0-6b40-11e5-bd7f-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"reports :\n\nWe found a heap overflow and a DoS in the gdk-pixbuf implementation\ntriggered by the scaling of tga file.\n\nWe found a heap overflow in the gdk-pixbuf implementation triggered by\nthe scaling of gif file.\"\n );\n # https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00201.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68470aa5\"\n );\n # https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e48a3522\"\n );\n # http://www.openwall.com/lists/oss-security/2015/10/02/9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2015/10/02/9\"\n );\n # http://www.openwall.com/lists/oss-security/2015/10/02/10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2015/10/02/10\"\n );\n # https://vuxml.freebsd.org/freebsd/9272a5b0-6b40-11e5-bd7f-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?745a6bae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gdk-pixbuf2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/06\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gdk-pixbuf2<2.32.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:57", "description": "This update for gdk-pixbuf fixes the following issues :\n\n - CVE-2015-7552: Fixed various overflows in image handling\n (boo#958963).\n\n - CVE-2015-7673: Fixed an overflow and DoS with a TGA file\n (boo#948790).\n\n - CVE-2015-7674: Fixed overflow when scaling a gif\n (boo#948791).", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-29T00:00:00", "title": "openSUSE Security Update : gdk-pixbuf (openSUSE-2016-405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7552", "CVE-2015-7673", "CVE-2015-7674"], "modified": "2016-03-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel", "p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0", "p-cpe:/a:novell:opensuse:gdk-pixbuf-lang", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit"], "id": "OPENSUSE-2016-405.NASL", "href": "https://www.tenable.com/plugins/nessus/90253", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90253);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-7552\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"openSUSE Security Update : gdk-pixbuf (openSUSE-2016-405)\");\n script_summary(english:\"Check for the openSUSE-2016-405 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gdk-pixbuf fixes the following issues :\n\n - CVE-2015-7552: Fixed various overflows in image handling\n (boo#958963).\n\n - CVE-2015-7673: Fixed an overflow and DoS with a TGA file\n (boo#948790).\n\n - CVE-2015-7674: Fixed overflow when scaling a gif\n (boo#948791).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958963\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdk-pixbuf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-debugsource-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-devel-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-devel-debuginfo-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-lang-2.31.6-6.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-query-loaders-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgdk_pixbuf-2_0-0-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-devel-32bit-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-devel-debuginfo-32bit-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-32bit-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.31.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf-debugsource / gdk-pixbuf-devel / gdk-pixbuf-devel-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:45", "description": "Gustavo Grieco discovered different security issues in Gtk+2.0's\ngdk-pixbuf.\n\nCVE-2015-4491\n\nHeap overflow when processing BMP images which may allow to execute of\narbitrary code via malformed images.\n\nCVE-2015-7673\n\nHeap overflow when processing TGA images which may allow 
execution of\narbitrary code or denial of service (process crash) via malformed\nimages.\n\nCVE-2015-7674\n\nInteger overflow when processing GIF images which may allow execution of\narbitrary code or denial of service (process crash) via a malformed\nimage.\n\nFor Debian 6 'Squeeze', these issues have been fixed in gtk+2.0\nversion 2.20.1-2+deb6u2. We recommend that you upgrade your gtk+2.0\npackages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2016-02-29T00:00:00", "title": "Debian DLA-434-1 : gtk+2.0 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "modified": "2016-02-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libgtk2.0-bin", "p-cpe:/a:debian:debian_linux:libgail-dev", "p-cpe:/a:debian:debian_linux:gtk2.0-examples", "p-cpe:/a:debian:debian_linux:libgtk2.0-dev", "p-cpe:/a:debian:debian_linux:libgtk2.0-0", "p-cpe:/a:debian:debian_linux:libgtk2.0-common", "p-cpe:/a:debian:debian_linux:libgtk2.0-0-udeb", "p-cpe:/a:debian:debian_linux:libgtk2.0-doc", "p-cpe:/a:debian:debian_linux:libgail-common", "p-cpe:/a:debian:debian_linux:libgail18", "p-cpe:/a:debian:debian_linux:libgail-dbg", "p-cpe:/a:debian:debian_linux:libgtk2.0-0-dbg", "p-cpe:/a:debian:debian_linux:gtk2-engines-pixbuf", "p-cpe:/a:debian:debian_linux:libgail-doc"], "id": "DEBIAN_DLA-434.NASL", "href": "https://www.tenable.com/plugins/nessus/88995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-434-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88995);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"Debian DLA-434-1 : gtk+2.0 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Grieco discovered different security issues in Gtk+2.0's\ngdk-pixbuf.\n\nCVE-2015-4491\n\nHeap overflow when processing BMP images which may allow to execute of\narbitrary code via malformed images.\n\nCVE-2015-7673\n\nHeap overflow when processing TGA images which may allow execute\narbitrary code or denial of service (process crash) via malformed\nimages.\n\nCVE-2015-7674\n\nInteger overflow when processing GIF images which may allow to execute\narbitrary code or denial of service (process crash) via malformed\nimage.\n\nFor Debian 6 'Squeeze', these issues have been fixed in gtk+2.0\nversion 2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0\npackages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/02/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/gtk+2.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/LTS/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gtk2-engines-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gtk2.0-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgail-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgail-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgail-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgail-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgail18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-0-udeb\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgtk2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"gtk2-engines-pixbuf\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gtk2.0-examples\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgail-common\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgail-dbg\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgail-dev\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgail-doc\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgail18\", 
reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-0\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-0-dbg\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-0-udeb\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-bin\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-common\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-dev\", reference:\"2.20.1-2+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgtk2.0-doc\", reference:\"2.20.1-2+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:04:48", "description": "The remote host is affected by the vulnerability described in GLSA-201512-05\n(gdk-pixbuf: Multiple Vulnerabilities)\n\n Three heap-based buffer overflow vulnerabilities have been discovered in\n gdk-pixbuf. 
Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n file with an application linked against gdk-pixbuf, possibly resulting in\n execution of arbitrary code with the privileges of the process or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2015-12-22T00:00:00", "title": "GLSA-201512-05 : gdk-pixbuf: Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "modified": "2015-12-22T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gdk-pixbuf"], "id": "GENTOO_GLSA-201512-05.NASL", "href": "https://www.tenable.com/plugins/nessus/87546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201512-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87546);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n script_xref(name:\"GLSA\", value:\"201512-05\");\n\n script_name(english:\"GLSA-201512-05 : gdk-pixbuf: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201512-05\n(gdk-pixbuf: Multiple Vulnerabilities)\n\n Three heap-based buffer overflow vulnerabilities have been discovered in\n gdk-pixbuf. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n file with an application linked against gdk-pixbuf, possibly resulting in\n execution of arbitrary code with the privileges of the process or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201512-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gdk-pixbuf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gdk-pixbuf-2.32.1'\n Packages which depend on this library may need to be recompiled. 
Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdk-pixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-libs/gdk-pixbuf\", unaffected:make_list(\"ge 2.32.1\"), vulnerable:make_list(\"lt 2.32.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:15", "description": "The gdk pixbuf library was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-7673: Fix some more overflows 
scaling a gif\n (bsc#948791)\n\n - CVE-2015-4491: Check for overflow before allocating\n memory when scaling (bsc#942801)\n\n - CVE-2015-7673: Fix an overflow and DoS when scaling TGA\n files (bsc#948790).\n\n - CVE-2015-7674: Fix overflow when scaling GIF\n files(bsc#948791).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-12-07T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "modified": "2015-12-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-debugsource", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders-debuginfo", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-GdkPixbuf"], "id": "SUSE_SU-2015-2195-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2195-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87215);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gdk pixbuf library was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-7673: Fix some more overflows scaling a gif\n (bsc#948791)\n\n - CVE-2015-4491: Check for overflow before allocating\n memory when scaling (bsc#942801)\n\n - CVE-2015-7673: Fix an overflow and DoS when scaling TGA\n files (bsc#948790).\n\n - CVE-2015-7674: Fix overflow when scaling GIF\n files(bsc#948791).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7674/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152195-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ebac5b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed 
for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-946=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-946=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-946=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-GdkPixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gdk-pixbuf-debugsource-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gdk-pixbuf-query-loaders-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgdk_pixbuf-2_0-0-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gdk-pixbuf-query-loaders-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gdk-pixbuf-debugsource-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", 
sp:\"0\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.30.6-7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:23:15", "description": "The gdk pixbuf library was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-7673: Fix some more overflows scaling a gif\n (bsc#948791)\n\n - CVE-2015-4491: Check for overflow before allocating\n memory when scaling (bsc#942801)\n\n - CVE-2015-7673: Fix an overflow and DoS when scaling TGA\n files (bsc#948790).\n\n - CVE-2015-7674: Fix overflow when scaling GIF\n files(bsc#948791).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-12-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "modified": "2015-12-29T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-debugsource", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders-debuginfo", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0", "p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-GdkPixbuf"], "id": "SUSE_SU-2015-2195-2.NASL", "href": "https://www.tenable.com/plugins/nessus/87646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2195-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87646);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gdk pixbuf library was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-7673: Fix some more overflows scaling a 
gif\n (bsc#948791)\n\n - CVE-2015-4491: Check for overflow before allocating\n memory when scaling (bsc#942801)\n\n - CVE-2015-7673: Fix an overflow and DoS when scaling TGA\n files (bsc#948790).\n\n - CVE-2015-7674: Fix overflow when scaling GIF\n files(bsc#948791).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7674/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152195-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1dd2b46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2015-946=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-946=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-946=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-query-loaders-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgdk_pixbuf-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-GdkPixbuf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gdk-pixbuf-debugsource-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gdk-pixbuf-query-loaders-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgdk_pixbuf-2_0-0-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gdk-pixbuf-query-loaders-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-debugsource-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", 
sp:\"1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:13:00", "description": "This update for gdk-pixbuf fixes the following issues :\n\n - CVE-2015-7552: Fixed various overflows in image handling\n (boo#958963).\n\n - CVE-2015-7673: Fixed an overflow and DoS with a TGA file\n (boo#948790).\n\n - CVE-2015-7674: Fixed overflow when scaling a gif\n (boo#948791).", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-02T00:00:00", "title": "openSUSE Security Update : gdk-pixbuf (openSUSE-2016-669)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7552", "CVE-2015-7673", "CVE-2015-7674"], "modified": "2016-06-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel", "p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0", "p-cpe:/a:novell:opensuse:gdk-pixbuf-lang", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0", "p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo", "p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo", "p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit"], "id": "OPENSUSE-2016-669.NASL", "href": "https://www.tenable.com/plugins/nessus/91438", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-669.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91438);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-7552\", \"CVE-2015-7673\", \"CVE-2015-7674\");\n\n script_name(english:\"openSUSE Security Update : gdk-pixbuf (openSUSE-2016-669)\");\n script_summary(english:\"Check for the openSUSE-2016-669 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gdk-pixbuf fixes the following issues :\n\n - CVE-2015-7552: Fixed various overflows in image handling\n (boo#958963).\n\n - CVE-2015-7673: Fixed an overflow and DoS with a TGA file\n (boo#948790).\n\n - CVE-2015-7674: Fixed overflow when scaling a gif\n (boo#948791).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958963\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdk-pixbuf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-debugsource-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-devel-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-devel-debuginfo-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-lang-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-query-loaders-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gdk-pixbuf-query-loaders-debuginfo-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libgdk_pixbuf-2_0-0-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-devel-32bit-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-devel-debuginfo-32bit-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-32bit-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf-debugsource / gdk-pixbuf-devel / gdk-pixbuf-devel-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:46", "description": "A heap-based buffer overflow has been discovered in gdk-pixbuf, a\nlibrary for image loading and saving facilities, fast scaling and\ncompositing of pixbufs, that allows remote attackers to cause a denial\nof service or possibly execute arbitrary code via a crafted BMP file.\n\nThis update also fixes an incomplete patch for CVE-2015-7674.\n\nCVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip\nfunction in gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers\nto cause a denial of service or possibly execute arbitrary 
code via a\ncrafted BMP file.\n\nCVE-2015-7674 Integer overflow in the pixops_scale_nearest function in\npixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to\ncause a denial of service (application crash) and possibly execute\narbitrary code via a crafted GIF image file, which triggers a\nheap-based buffer overflow.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.26.1-1+deb7u4.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-02T00:00:00", "title": "Debian DLA-450-1 : gdk-pixbuf security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7552", "CVE-2015-7674"], "modified": "2016-05-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-0", "p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-common", "p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-dev", "p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-doc", "p-cpe:/a:debian:debian_linux:gir1.2-gdkpixbuf-2.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-450.NASL", "href": "https://www.tenable.com/plugins/nessus/90807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-450-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90807);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7552\", \"CVE-2015-7674\");\n\n script_name(english:\"Debian DLA-450-1 : gdk-pixbuf security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow has been discovered in gdk-pixbuf, a\nlibrary for image loading and saving facilities, fast scaling and\ncompositing of pixbufs, that allows remote attackers to cause a denial\nof service or possibly execute arbitrary code via a crafted BMP file.\n\nThis update also fixes an incomplete patch for CVE-2015-7674.\n\nCVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip\nfunction in gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers\nto cause a denial of service or possibly execute arbitrary code via a\ncrafted BMP file.\n\nCVE-2015-7674 Integer overflow in the pixops_scale_nearest function in\npixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to\ncause a denial of service (application crash) and possibly execute\narbitrary code via a crafted GIF image file, which triggers a\nheap-based buffer overflow.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.26.1-1+deb7u4.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/04/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/gdk-pixbuf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-gdkpixbuf-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"gir1.2-gdkpixbuf-2.0\", reference:\"2.26.1-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-0\", reference:\"2.26.1-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-common\", reference:\"2.26.1-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-dev\", reference:\"2.26.1-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-doc\", reference:\"2.26.1-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:06", "description": "gtk2 was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-4491: Integer overflow in the make_filter_table\n function in pixops/pixops.c in gdk-pixbuf before 2.31.5,\n allowed remote attackers to execute arbitrary code or\n cause a denial of service (heap-based buffer overflow\n and application crash) via crafted bitmap dimensions\n that were mishandled during scaling (bsc#942801).\n\n - CVE-2015-7674: Fix overflow when scaling GIF files\n (bsc#948791).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2015-10-22T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : gtk2 (SUSE-SU-2015:1787-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7674", "CVE-2015-4491"], "modified": "2015-10-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gtk2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:gtk2-doc", "p-cpe:/a:novell:suse_linux:gtk2-lang"], "id": "SUSE_SU-2015-1787-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1787-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86536);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4491\", \"CVE-2015-7674\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : gtk2 (SUSE-SU-2015:1787-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gtk2 was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-4491: Integer overflow in the make_filter_table\n function in pixops/pixops.c in gdk-pixbuf before 2.31.5,\n allowed remote attackers to execute arbitrary code or\n cause a denial of service (heap-based buffer overflow\n and 
application crash) via crafted bitmap dimensions\n that were mishandled during scaling (bsc#942801).\n\n - CVE-2015-7674: Fix overflow when scaling GIF files\n (bsc#948791).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7674/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151787-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dde6b06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-gtk2-12146=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-gtk2-12146=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-gtk2-12146=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-gtk2-12146=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-gtk2-12146=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch 
sledsp4-gtk2-12146=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-gtk2-12146=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-gtk2-12146=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gtk2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gtk2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gtk2-doc-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gtk2-doc-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"gtk2-32bit-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", 
cpu:\"i586\", reference:\"gtk2-2.18.9-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"gtk2-lang-2.18.9-0.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gtk2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "- CVE-2015-7673 (denial of service)\n\nIt has been discovered that under certain circumstances while scaling a\ntga file a heap memory allocation may fail and its result is later used,\nwhich leads to a denial of service.\n\n- CVE-2015-7674 (heap buffer overflow)\n\nIt has been discovered that under certain circumstances while scaling a\ngif file a heap buffer overflow can occur. 
The cause of this issue was\nthat the integer data type was incompatible with the details of how\nbitwise shifts were used.", "modified": "2015-10-10T00:00:00", "published": "2015-10-10T00:00:00", "id": "ASA-201510-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html", "type": "archlinux", "title": "gdk-pixbuf2: multiple issues", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "\nreports:\n\nWe found a heap overflow and a DoS in the gdk-pixbuf\n\t implementation triggered by the scaling of tga file.\n\n\nWe found a heap overflow in the gdk-pixbuf implementation\n\t triggered by the scaling of gif file.\n\n", "edition": 4, "modified": "2015-10-02T00:00:00", "published": "2015-10-02T00:00:00", "id": "9272A5B0-6B40-11E5-BD7F-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/9272a5b0-6b40-11e5-bd7f-bcaec565249c.html", "title": "gdk-pixbuf2 -- heap overflow and DoS", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "software", "cvelist": ["CVE-2015-7673", "CVE-2015-7674"], "description": "USN-2767-1 GDK-Pixbuf library vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nGDK Pixbuf\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nGustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7673)\n\nGustavo Grieco discovered that the GDK-PixBuf library contained an integer overflow when handling certain GIF images. 
If a user or automated system were tricked into opening a GIF image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7674)\n\nThe Cloud Foundry project released a cflinuxfs2 rootfs stack that has the patched version of OpenSSH.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.11.0 have versions of the library vulnerable to USN-2767-1. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.11.0 or later versions. \n\n# Credit\n\nGustavo Grieco\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2767-1>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2015-11-03T00:00:00", "published": "2015-11-03T00:00:00", "id": "CFOUNDRY:DFE291B6AA9E97F0C85DEB2AA18E0080", "href": "https://www.cloudfoundry.org/blog/usn-2767-1/", "title": "USN-2767-1 GDK-Pixbuf library vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7673", "CVE-2015-7674", "CVE-2015-4491"], "description": "### Background\n\ngdk-pixbuf is an image loading library for GTK+.\n\n### Description\n\nThree heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted image file with an application linked against gdk-pixbuf, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll gdk-pixbuf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gdk-pixbuf-2.32.1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "edition": 1, "modified": "2015-12-21T00:00:00", "published": "2015-12-21T00:00:00", "id": "GLSA-201512-05", "href": "https://security.gentoo.org/glsa/201512-05", "type": "gentoo", "title": "gdk-pixbuf: Multiple Vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}