Lucene search

K

PRIOn knowledge basePRION:CVE-2015-4491

HistoryAug 16, 2015 - 1:59 a.m.

Integer overflow

2015-08-1601:59:00

PRIOn knowledge base

www.prio-n.com

6

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.9%

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
fedoraeq22
fedoraeq21
gdk-pixbufle2.31.4
opensuseeq13.1
opensuseeq13.2
solariseq11.3
solariseq10

References

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

lists.opensuse.org/opensuse-updates/2015-09/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1586.html

rhn.redhat.com/errata/RHSA-2015-1682.html

rhn.redhat.com/errata/RHSA-2015-1694.html

www.debian.org/security/2015/dsa-3337

www.mozilla.org/security/announce/2015/mfsa2015-88.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securitytracker.com/id/1033247

www.securitytracker.com/id/1033372

www.ubuntu.com/usn/USN-2702-1

www.ubuntu.com/usn/USN-2702-2

www.ubuntu.com/usn/USN-2702-3

www.ubuntu.com/usn/USN-2712-1

www.ubuntu.com/usn/USN-2722-1

bugzilla.gnome.org/show_bug.cgi?id=752297

bugzilla.mozilla.org/show_bug.cgi?id=1184009

bugzilla.redhat.com/show_bug.cgi?id=1252290

git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199

lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html

security.gentoo.org/glsa/201512-05

security.gentoo.org/glsa/201605-06

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.9%

Related for PRION:CVE-2015-4491

nessus42 ibm5 fedora4 debian4 cvelist1 mozilla1 mageia3 openvas43 veracode13 centos3 securityvulns5 oraclelinux3 f51 suse7 debiancve1 ubuntu5 ubuntucve1 freebsd2 redhat3 cve1 slackware1 osv1 gentoo2 kaspersky1 archlinux1