Integer overflow in the make_filter_table function in pixops/pixops.c in
gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and
Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other
products, allows remote attackers to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.
Author | Note |
---|---|
mdeslaur | initial gdk-pixbuf fix was incomplete |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 40.0+build4-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 40.0+build4-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 40.0+build4-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | gdk-pixbuf | < 2.26.1-1ubuntu1.2 | UNKNOWN |
ubuntu | 14.04 | noarch | gdk-pixbuf | < 2.30.7-0ubuntu1.1 | UNKNOWN |
ubuntu | 15.04 | noarch | gdk-pixbuf | < 2.31.3-1ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2015-4491
nvd.nist.gov/vuln/detail/CVE-2015-4491
security-tracker.debian.org/tracker/CVE-2015-4491
ubuntu.com/security/notices/USN-2702-1
ubuntu.com/security/notices/USN-2712-1
ubuntu.com/security/notices/USN-2722-1
www.cve.org/CVERecord?id=CVE-2015-4491
www.mozilla.org/en-US/security/advisories/mfsa2015-88/