GoogleOSV:DSA-3378-1gdk-pixbuf - security update
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
88.3%
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:
- CVE-2015-7673
Gustavo Grieco discovered a heap overflow in the processing of TGA
images which may result in the execution of arbitrary code or denial
of service (process crash) if a malformed image is opened. - CVE-2015-7674
Gustavo Grieco discovered an integer overflow flaw in the processing
of GIF images which may result in the execution of arbitrary code or
denial of service (process crash) if a malformed image is opened.
For the oldstable distribution (wheezy), these problems have been fixed
in version 2.26.1-1+deb7u2.
For the stable distribution (jessie), these problems have been fixed in
version 2.31.1-2+deb8u3.
For the testing distribution (stretch), these problems have been fixed
in version 2.32.1-1 or earlier.
For the unstable distribution (sid), these problems have been fixed in
version 2.32.1-1 or earlier.
We recommend that you upgrade your gdk-pixbuf packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gdk-pixbuf | eq | 2.31.1-2 | |
| gdk-pixbuf | eq | 2.31.1-2+deb8u1 | |
| gdk-pixbuf | eq | 2.31.1-2+deb8u2 |
References
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
88.3%