Heap Overflow

2018-07-2609:50:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

libgdk_pixbuf-2.0.so is vulnerable to heap overflows. A malicious user can pass a jpeg file to the gdk_pixbuf__jpeg_image_load_increment function in io-jpeg.c, causing a heap overflow that can crash the application or cause arbitrary code to be executed.

CPENameOperatorVersion
libgdk_pixbuf-2.0.sole 0.4200.2
gdk-pixbuf:3.4eq2.34.0-r1
gdk-pixbuf2eq2.36.5__1.el7
gdk-pixbuf2eq2.28.2__5.ael7b_1
libgdk_pixbuf-2.0.sole 0.4200.2
gdk-pixbuf:3.4eq2.34.0-r1
gdk-pixbuf2eq2.36.5__1.el7
gdk-pixbuf2eq2.28.2__5.ael7b_1

Name	Operator	Version
libgdk_pixbuf-2.0.so	le	0.4200.2
gdk-pixbuf:3.4	eq	2.34.0-r1
gdk-pixbuf2	eq	2.36.5__1.el7
gdk-pixbuf2	eq	2.28.2__5.ael7b_1
libgdk_pixbuf-2.0.so	le	0.4200.2
gdk-pixbuf:3.4	eq	2.34.0-r1
gdk-pixbuf2	eq	2.36.5__1.el7
gdk-pixbuf2	eq	2.28.2__5.ael7b_1