Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf prior to 2.31.5, as used in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 on Linux, Google Chrome on Linux, and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome gdk-pixbuf |
||
oracle solaris 10 |
||
oracle solaris 11.3 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |