Lucene search

Veracode Vulnerability DatabaseVERACODE:11784

HistoryJan 15, 2019 - 9:07 a.m.

Denial Of Service (DoS)

2019-01-1509:07:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

gdk-pixbuf2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CPENameOperatorVersion
gdk-pixbuf2eq2.24.1__5.el6
thunderbirdeq17.0.3__2.el5_9
thunderbirdeq31.5.0__1.el6_6
thunderbirdeq24.4.0__1.el6_5
thunderbirdeq10.0.8__1.el6_3
thunderbirdeq1.5.0.10__1.el5
thunderbirdeq17.0.10__1.el6_4
thunderbirdeq2.0.0.16__1.el5
thunderbirdeq2.0.0.24__27.el5_7
thunderbirdeq3.1.10__1.el6_0

Name	Operator	Version
gdk-pixbuf2	eq	2.24.1__5.el6
thunderbird	eq	17.0.3__2.el5_9
thunderbird	eq	31.5.0__1.el6_6
thunderbird	eq	24.4.0__1.el6_5
thunderbird	eq	10.0.8__1.el6_3
thunderbird	eq	1.5.0.10__1.el5
thunderbird	eq	17.0.10__1.el6_4
thunderbird	eq	2.0.0.16__1.el5
thunderbird	eq	2.0.0.24__27.el5_7
thunderbird	eq	3.1.10__1.el6_0

Rows per page:

1-10 of 2421

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

lists.opensuse.org/opensuse-updates/2015-09/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1586.html

rhn.redhat.com/errata/RHSA-2015-1682.html

rhn.redhat.com/errata/RHSA-2015-1694.html

www.debian.org/security/2015/dsa-3337

www.mozilla.org/security/announce/2015/mfsa2015-88.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securitytracker.com/id/1033247

www.securitytracker.com/id/1033372

www.ubuntu.com/usn/USN-2702-1

www.ubuntu.com/usn/USN-2702-2

www.ubuntu.com/usn/USN-2702-3

www.ubuntu.com/usn/USN-2712-1

www.ubuntu.com/usn/USN-2722-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.gnome.org/show_bug.cgi?id=752297

bugzilla.mozilla.org/show_bug.cgi?id=1184009

bugzilla.redhat.com/show_bug.cgi?id=1252290

git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199

rhn.redhat.com/errata/RHSA-2015-1694.html

security.gentoo.org/glsa/201512-05

security.gentoo.org/glsa/201605-06

www.mozilla.org/security/announce/2015/mfsa2015-88.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:11784