Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-3378-1 gdk-pixbuf -- security update

Related Vulnerabilities: CVE-2015-7673   CVE-2015-7674  

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened. CVE-2015-7674 Gustavo Grieco discovered an integer overflow flaw in the processing of GIF images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened. For the oldstable distribution (wheezy), these problems have been fixed in version 2.26.1-1+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 2.31.1-2+deb8u3. For the testing distribution (stretch), these problems have been fixed in version 2.32.1-1 or earlier. For the unstable distribution (sid), these problems have been fixed in version 2.32.1-1 or earlier. We recommend that you upgrade your gdk-pixbuf packages.

Source

Debian Security Advisory

DSA-3378-1 gdk-pixbuf -- security update

Date Reported:
24 Oct 2015
Affected Packages:
gdk-pixbuf
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-7673, CVE-2015-7674.
More information:

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2015-7673

    Gustavo Grieco discovered a heap overflow in the processing of TGA images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened.

  • CVE-2015-7674

    Gustavo Grieco discovered an integer overflow flaw in the processing of GIF images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.26.1-1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in version 2.31.1-2+deb8u3.

For the testing distribution (stretch), these problems have been fixed in version 2.32.1-1 or earlier.

For the unstable distribution (sid), these problems have been fixed in version 2.32.1-1 or earlier.

We recommend that you upgrade your gdk-pixbuf packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started