
CVE-2017-6312

Published: 10/03/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent malicious users to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
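The bug class named in the summary, shown as an added example rather than code from gdk-pixbuf: an offset-plus-size bounds check that can wrap, next to an overflow-safe check of an ICO directory entry. The function names and the 64-byte sample file are constructed for illustration; the field positions assume the standard ICO layout (6-byte header, 16-byte entries).

```c
#include <stddef.h>
#include <stdint.h>

/* Little-endian 32-bit read, as used by ICO directory fields. */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Fragile form: the sum can wrap, so a huge offset passes. With signed
 * ints the wrap is undefined behaviour, and an optimizing compiler may
 * delete an after-the-fact "sum < 0" test entirely. */
int naive_in_bounds(uint32_t off, uint32_t size, uint32_t len)
{
    return off + size <= len;
}

/* Overflow-safe form: returns 1 only if directory entry idx and the image
 * data it points to lie inside buf[0..len). Untrusted values are never added. */
int ico_entry_in_bounds(const uint8_t *buf, size_t len, unsigned idx)
{
    if (len < 6 || idx >= (unsigned)(buf[4] | buf[5] << 8))
        return 0;                            /* ICONDIR header is 6 bytes */
    size_t ent = 6 + (size_t)idx * 16;       /* idx < 65536: cannot overflow */
    if (ent > len || len - ent < 16)
        return 0;                            /* entry itself is truncated */
    uint32_t size = rd32le(buf + ent + 8);   /* bytes in image */
    uint32_t off  = rd32le(buf + ent + 12);  /* image offset in file */
    if (size == 0 || off > len)
        return 0;
    return size <= len - off;                /* subtraction cannot wrap here */
}

/* Constructed 64-byte sample file with one directory entry. */
int check_sample(uint32_t size, uint32_t off)
{
    uint8_t buf[64] = {0, 0, 1, 0, 1, 0};    /* reserved, type=1, count=1 */
    for (int i = 0; i < 4; i++) {
        buf[6 + 8 + i]  = (uint8_t)(size >> (8 * i));
        buf[6 + 12 + i] = (uint8_t)(off >> (8 * i));
    }
    return ico_entry_in_bounds(buf, sizeof buf, 0);
}
```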

Vulnerable Product

gnome gdk-pixbuf

fedoraproject fedora 30

fedoraproject fedora 31

debian debian linux 8.0

Vendor Advisories

Several security issues were fixed in GDK-PixBuf ...
It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened. For the oldstable distribution (jessie), this problem has been fixed in version 2311-2+deb8u7. For the stable distribution (stretch ...
Debian Bug report logs - #856448 gdk-pixbuf: CVE-2017-6314: Infinite loop in io-tiff.c with large size. Package: src:gdk-pixbuf; Maintainer for src:gdk-pixbuf is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 1 Mar 2017 06:09:0 ...
Debian Bug report logs - #856445 gdk-pixbuf: CVE-2017-6313: Integer underflow in io-icns.c. Package: src:gdk-pixbuf; Maintainer for src:gdk-pixbuf is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 1 Mar 2017 06:06:02 UTC Sever ...
Debian Bug report logs - #856444 gdk-pixbuf: CVE-2017-6312: Possible out-of-bounds read. Package: src:gdk-pixbuf; Maintainer for src:gdk-pixbuf is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 1 Mar 2017 05:57:02 UTC Severity ...
An out-of-bounds read flaw was found in the way GdkPixbuf handled ICO format files. A maliciously crafted ICO file could cause the application using GdkPixbuf to crash ...