Vulnerability Details : CVE-2015-7674
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2015-7674
- cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7674
2.48%
Probability of exploitation activity in the next 30 days
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7674
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2015-7674
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7674
- http://www.openwall.com/lists/oss-security/2015/10/01/4
  oss-security - CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html
  openSUSE-SU-2016:1467-1: moderate: Security update for gdk-pixbuf
- https://security.gentoo.org/glsa/201512-05
  gdk-pixbuf: Multiple Vulnerabilities (GLSA 201512-05) — Gentoo security
- http://www.ubuntu.com/usn/USN-2767-1
  USN-2767-1: GDK-PixBuf vulnerabilities | Ubuntu security notices (Patch)
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html
  openSUSE-SU-2016:0897-1: moderate: Security update for gdk-pixbuf
- http://www.openwall.com/lists/oss-security/2015/10/01/7
  oss-security - Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
  pixops: Don't overflow variables when shifting them (e9a5704e) · Commits · GNOME / gdk-pixbuf · GitLab
- http://www.debian.org/security/2015/dsa-3378
  Debian -- Security Information -- DSA-3378-1 gdk-pixbuf
- http://www.openwall.com/lists/oss-security/2015/10/02/10
  oss-security - Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1
- http://www.securityfocus.com/bid/76955
  Gnome GdkPixbuf 'pixops.c' Heap Based Buffer Overflow Vulnerability
- http://www.openwall.com/lists/oss-security/2015/10/05/7
  oss-security - Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1
- http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news