Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gdk-pixbuf vulnerabilities

Related Vulnerabilities: CVE-2015-7552   CVE-2015-8875   CVE-2016-6352  

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552)

Source

21 September 2016

gdk-pixbuf vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description

  • gdk-pixbuf - GDK-Pixbuf library

Details

It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552)

It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8875)

Franco Costantini discovered that the GDK-PixBuf library contained an out-of-bounds write error when parsing an ico file. If a user or automated system were tricked into opening a crafted ico file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6352)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libgdk-pixbuf2.0-0 - 2.32.2-1ubuntu1.2
Ubuntu 14.04 LTS
libgdk-pixbuf2.0-0 - 2.30.7-0ubuntu1.6
Ubuntu 12.04 LTS
libgdk-pixbuf2.0-0 - 2.26.1-1ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started