Lucene search

K

[email protected]NVD:CVE-2015-7673

HistoryOct 26, 2015 - 5:59 p.m.

CVE-2015-7673

2015-10-2617:59:09

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Affected configurations

NVD

Node

opensuseopensuseMatch13.2

Node

gnomegdk-pixbufRange≤2.31.4

References

ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news

lists.opensuse.org/opensuse-updates/2016-03/msg00124.html

lists.opensuse.org/opensuse-updates/2016-06/msg00006.html

www.debian.org/security/2015/dsa-3378

www.openwall.com/lists/oss-security/2015/10/01/3

www.openwall.com/lists/oss-security/2015/10/02/9

www.securityfocus.com/bid/76953

www.ubuntu.com/usn/USN-2767-1

git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d

git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e

git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c

security.gentoo.org/glsa/201512-05

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

Related for NVD:CVE-2015-7673

prion1 cve1 ubuntucve1 debiancve1 cvelist1 nessus11 osv2 archlinux1 openvas8 debian3 securityvulns2 mageia1 cloudfoundry1 freebsd1 ubuntu1 gentoo1