Published: 05/09/2017 Updated: 07/06/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gdk-pixbuf 2.36.6
debian debian linux 8.0

Debian Bug report logs - #873787 gdk-pixbuf: CVE-2017-2870 Package: src:gdk-pixbuf; Maintainer for src:gdk-pixbuf is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Aug 2017 05:18:01 UTC Severity: important Tags: fixed-upstr ...

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file ...

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2366 when compiled with Clang A specially crafted tiff file can cause a heap-overflow resulting in remote code execution An attacker can send a file or a URL to trigger this vulnerability ...

CWE-190 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377 http://www.securityfocus.com/bid/100541 https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873787 https://usn.ubuntu.com/3418-1/https://nvd.nist.gov

CVE-2017-2870

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect