Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf prior to 2.31.5, as used in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 on Linux, Google Chrome on Linux, and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome gdk-pixbuf |
||
oracle solaris 11.3 |
||
oracle solaris 10 |
||
fedoraproject fedora 22 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
fedoraproject fedora 21 |
||
canonical ubuntu linux 15.04 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |