Lucene search

[email protected]NVD:CVE-2015-4491

HistoryAug 16, 2015 - 1:59 a.m.

CVE-2015-4491

2015-08-1601:59:19

CWE-189

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Affected configurations

NVD

Node

gnomegdk-pixbufRange≤2.31.4

AND

googlechromeMatch-

mozillafirefoxRange≤39.0.3

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

linuxlinux_kernel

Node

oraclesolarisMatch10

oraclesolarisMatch11.3

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

lists.opensuse.org/opensuse-updates/2015-09/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1586.html

rhn.redhat.com/errata/RHSA-2015-1682.html

rhn.redhat.com/errata/RHSA-2015-1694.html

www.debian.org/security/2015/dsa-3337

www.mozilla.org/security/announce/2015/mfsa2015-88.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securitytracker.com/id/1033247

www.securitytracker.com/id/1033372

www.ubuntu.com/usn/USN-2702-1

www.ubuntu.com/usn/USN-2702-2

www.ubuntu.com/usn/USN-2702-3

www.ubuntu.com/usn/USN-2712-1

www.ubuntu.com/usn/USN-2722-1

bugzilla.gnome.org/show_bug.cgi?id=752297

bugzilla.mozilla.org/show_bug.cgi?id=1184009

bugzilla.redhat.com/show_bug.cgi?id=1252290

git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199

security.gentoo.org/glsa/201512-05

security.gentoo.org/glsa/201605-06

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for NVD:CVE-2015-4491