Published: 01/06/2016 Updated: 05/10/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf prior to 2.33.1 allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gdk-pixbuf
debian debian linux 8.0

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file ...

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using gdk-pixbuf (application crash), or potentially, to execute arbitrary code with the privileges of the user running the app ...

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixopsc in gdk-pixbuf before 2331 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflo ...

CWE-189 http://www.openwall.com/lists/oss-security/2016/05/12/3 http://www.debian.org/security/2016/dsa-3589 http://www.openwall.com/lists/oss-security/2016/05/17/7 http://www.openwall.com/lists/oss-security/2016/05/16/1 https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 http://www.ubuntu.com/usn/USN-3085-1 https://usn.ubuntu.com/3085-1/https://nvd.nist.gov

CVE-2015-8875

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect