Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf affecting Linux systems using Gnome. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash.

Affected configurations

Vulners

Node

mozillafirefoxRange<40

mozillafirefox_esrRange<38.2

mozillaseamonkeyRange<2.35

mozillathunderbirdRange<38.2

CPENameOperatorVersion
firefoxlt40
firefox esrlt38.2
seamonkeylt2.35
thunderbirdlt38.2

Name	Operator	Version
firefox	lt	40
firefox esr	lt	38.2
seamonkey	lt	2.35
thunderbird	lt	38.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491

bugzilla.mozilla.org/show_bug.cgi?id=1184009

nessus 42

openvas 43

prion 1

ibm 5

debian 4

fedora 4

mageia 3

cvelist 1

suse 7

securityvulns 5

f5 1

ubuntu 5

oraclelinux 3

ubuntucve 1

debiancve 1

freebsd 2

cve 1

redhat 3

slackware 1

nvd 1

veracode 13

centos 3

gentoo 2

osv 1

archlinux 1

kaspersky 1

nessus

Fedora 22 : gdk-pixbuf2-2.31.6-1.fc22 (2015-13925)

2015-09-08 00:00:00

RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)

2015-09-01 00:00:00

openSUSE Security Update : gdk-pixbuf (openSUSE-2015-570)

2015-09-08 00:00:00

openvas

Ubuntu: Security Advisory (USN-2722-1)

2015-08-27 00:00:00

Mozilla Firefox Security Advisory (MFSA2015-88) - Linux

2021-11-11 00:00:00

openSUSE: Security Advisory for gdk-pixbuf (openSUSE-SU-2018:2287-1)

2018-08-10 00:00:00

prion

Integer overflow

2015-08-16 01:59:00

ibm

Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491)

2018-06-18 01:29:35

Security Bulletin: Vulnerability in gdk-pixbuf affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

debian

[SECURITY] [DSA 3337-2] gdk-pixbuf security update

2015-12-17 05:40:28

[SECURITY] [DSA 3337-1] gdk-pixbuf security update

2015-08-18 13:37:18

[SECURITY] [DSA 3337-2] gdk-pixbuf security update

2015-12-17 05:40:28

fedora

[SECURITY] Fedora 21 Update: gdk-pixbuf2-2.31.6-1.fc21

2015-09-06 06:24:59

[SECURITY] Fedora 22 Update: mingw-gdk-pixbuf-2.31.6-1.fc22

2015-09-06 04:55:25

[SECURITY] Fedora 21 Update: mingw-gdk-pixbuf-2.31.6-1.fc21

2015-09-06 06:24:47

mageia

Updated gdk-pixbuf2.0 package fixes security vulnerability

2015-08-13 23:56:40

Updated thunderbird packages fix security vulnerabilities

2015-08-27 23:49:46

Updated firefox packages fixes security vulnerabilities

2015-08-11 23:22:53

cvelist

CVE-2015-4491

2015-08-16 01:00:00

suse

Security update for gdk-pixbuf (moderate)

2018-08-10 03:10:27

Security update for MozillaFirefox, mozilla-nss (important)

2015-09-10 17:10:07

Security update for MozillaFirefox, mozilla-nss (important)

2015-09-02 12:10:07

securityvulns

gdk-pixbuf buffer overflow

2015-08-24 00:00:00

[USN-2722-1] GDK-PixBuf vulnerability

2015-10-25 00:00:00

[SECURITY] [DSA 3337-1] gdk-pixbuf security update

2015-08-24 00:00:00

K76434343 : gdk-pixbuf vulnerability CVE-2015-4491

2017-09-13 00:00:00

ubuntu

GDK-PixBuf vulnerability

2015-08-26 00:00:00

Thunderbird vulnerabilities

2015-08-25 00:00:00

Ubufox update

2015-08-11 00:00:00

oraclelinux

gdk-pixbuf2 security update

2015-08-31 00:00:00

thunderbird security update

2015-08-25 00:00:00

firefox security update

2015-08-11 00:00:00

ubuntucve

CVE-2015-4491

2015-08-11 00:00:00

debiancve

CVE-2015-4491

2015-08-16 01:59:19

freebsd

gdk-pixbuf2 -- heap overflow and DoS

2015-07-12 00:00:00

mozilla -- multiple vulnerabilities

2015-08-11 00:00:00

cve

CVE-2015-4491

2015-08-16 01:59:19

redhat

(RHSA-2015:1694) Moderate: gdk-pixbuf2 security update

2015-08-31 00:00:00

(RHSA-2015:1682) Important: thunderbird security update

2015-08-25 00:00:00

(RHSA-2015:1586) Critical: firefox security update

2015-08-11 00:00:00

slackware

[slackware-security] gdk-pixbuf2

2015-09-01 23:35:52

nvd

CVE-2015-4491

2015-08-16 01:59:19

veracode

Denial Of Service (DoS)

2019-01-15 09:07:34

Denial Of Service (DoS)

2019-05-02 05:18:06

Denial Of Service (DoS)

2019-05-02 05:18:07

centos

gdk security update

2015-08-31 16:41:33

thunderbird security update

2015-08-25 22:25:27

firefox security update

2015-08-11 20:36:44

gentoo

gdk-pixbuf: Multiple Vulnerabilities

2015-12-21 00:00:00

Mozilla Products: Multiple vulnerabilities

2016-05-31 00:00:00

osv

gtk+2.0 - security update

2016-02-27 00:00:00

archlinux

firefox: multiple issues

2015-08-12 00:00:00

kaspersky

KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2015-08-11 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for MFSA2015-88