Vulnerability Details : CVE-2015-7673
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
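The bug class the description names is an allocation whose result is never checked, followed by a write into the buffer that was never obtained. The following is an added C illustration, not gdk-pixbuf's io-tga.c or any code from the referenced commits: a minimal TGA colormap reader with a pluggable allocator so that allocation failure can be simulated, with the hardened check in place. The function names, the `tga_alloc_fn` hook, the status codes and the 36-byte sample file are all constructed for this example; parsing the colormap whenever its length field is non-zero, regardless of the colormap-type byte, is a choice made here.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not gdk-pixbuf's io-tga.c: a minimal TGA colormap
 * reader with a pluggable allocator so that allocation failure can be
 * simulated and the "check the result before using the buffer" rule can be
 * exercised. All names and the sample file below are constructed here. */

typedef void *(*tga_alloc_fn)(size_t n);

enum tga_status { TGA_OK = 0, TGA_ERR_HEADER, TGA_ERR_TRUNCATED, TGA_ERR_OOM };

typedef struct {
    uint16_t first;            /* index of the first colormap entry */
    uint16_t length;           /* number of entries */
    uint8_t  bytes_per_entry;  /* 2, 3 or 4 (from 15/16, 24, 32 bits) */
    uint8_t *data;             /* length * bytes_per_entry bytes, owned */
} tga_colormap;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Allocator that always fails, standing in for a real out-of-memory
 * condition (or a crafted file whose size fields make the request fail). */
void *alloc_always_fail(size_t n) { (void)n; return NULL; }

/* Parse the 18-byte TGA header and copy the colormap out of the file.
 * The unsafe shape the CVE description refers to is
 *     data = alloc(need);          // result never checked
 *     memcpy(data, src, need);     // writes through NULL / stale memory
 * The version below reports TGA_ERR_OOM instead and leaves *out empty. */
enum tga_status tga_read_colormap(const uint8_t *buf, size_t len,
                                  tga_alloc_fn alloc, tga_colormap *out)
{
    memset(out, 0, sizeof *out);
    if (len < 18)
        return TGA_ERR_TRUNCATED;

    uint8_t  id_len    = buf[0];
    uint8_t  cmap_bits = buf[7];
    uint16_t cmap_len  = le16(buf + 5);   /* parsed whenever non-zero */

    /* Only the four entry widths the format defines are accepted. */
    uint8_t bytes_per_entry;
    switch (cmap_bits) {
    case 15: case 16: bytes_per_entry = 2; break;
    case 24:          bytes_per_entry = 3; break;
    case 32:          bytes_per_entry = 4; break;
    default:          return cmap_len == 0 ? TGA_OK : TGA_ERR_HEADER;
    }
    if (cmap_len == 0)
        return TGA_OK;                    /* nothing to allocate */

    /* Sizes are computed in size_t from 8/16-bit fields, so the product
     * cannot wrap; the bound check against len is still required. */
    size_t offset = 18u + id_len;
    size_t need   = (size_t)cmap_len * bytes_per_entry;
    if (offset > len || len - offset < need)
        return TGA_ERR_TRUNCATED;

    uint8_t *data = alloc(need);
    if (data == NULL)
        return TGA_ERR_OOM;               /* never touch a failed allocation */
    memcpy(data, buf + offset, need);

    out->first           = le16(buf + 3);
    out->length          = cmap_len;
    out->bytes_per_entry = bytes_per_entry;
    out->data            = data;
    return TGA_OK;
}

void tga_colormap_free(tga_colormap *cm) { free(cm->data); cm->data = NULL; }

/* Constructed sample: a 2x2 colour-mapped TGA with a 2-byte image ID and a
 * four-entry 24-bit colormap (BGR order). Returns the number of bytes written. */
size_t build_sample_tga(uint8_t *buf, size_t cap)
{
    static const uint8_t sample[] = {
        2, 1, 1,            /* id length, colormap type, image type */
        0, 0,  4, 0,  24,   /* cmap first index, cmap length, cmap entry bits */
        0, 0,  0, 0,        /* x, y origin */
        2, 0,  2, 0,        /* width, height */
        8, 0,               /* pixel depth, descriptor */
        'a', 'b',           /* image ID */
        0xff, 0x00, 0x00,   0x00, 0xff, 0x00,   /* colormap entries */
        0x00, 0x00, 0xff,   0x80, 0x80, 0x80,
        0, 1, 2, 3          /* pixel indices */
    };
    if (cap < sizeof sample) return 0;
    memcpy(buf, sample, sizeof sample);
    return sizeof sample;
}
```

Passing `malloc` as the allocator parses the sample normally; passing `alloc_always_fail` returns `TGA_ERR_OOM` with `out->data` still NULL, which is the behaviour a loader needs so that the caller can abort the decode instead of continuing into a write through a pointer it never obtained. Truncating the input below the colormap's size is rejected before any allocation is attempted.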
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2015-7673
- cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7673
EPSS score: 2.46% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~90% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2015-7673
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2015-7673
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2015-7673
- openSUSE-SU-2016:1467-1: moderate: Security update for gdk-pixbuf
  http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html
- gdk-pixbuf 2.32.0 release notes
  http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news
- gdk-pixbuf: Multiple Vulnerabilities (GLSA 201512-05), Gentoo security
  https://security.gentoo.org/glsa/201512-05
- USN-2767-1: GDK-PixBuf vulnerabilities, Ubuntu security notices
  http://www.ubuntu.com/usn/USN-2767-1
- openSUSE-SU-2016:0897-1: moderate: Security update for gdk-pixbuf
  http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html
- Debian Security Information: DSA-3378-1 gdk-pixbuf
  http://www.debian.org/security/2015/dsa-3378
- pixops: Fail make_weights functions on OOM (commit 19f9685d), GNOME / gdk-pixbuf
  https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
- gdk-pixbuf Heap Buffer Overflow and Denial of Service Vulnerabilities (SecurityFocus BID 76953)
  http://www.securityfocus.com/bid/76953
- oss-security: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
  http://www.openwall.com/lists/oss-security/2015/10/01/3
- oss-security: Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
  http://www.openwall.com/lists/oss-security/2015/10/02/9
- io-tga: Colormaps are always present, so always parse them. (commit 6ddca835), GNOME / gdk-pixbuf
  https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
- tga: Wrap TGAColormap struct in its own API (commit edf6fb8d), GNOME / gdk-pixbuf
  https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c