CVE-2015-5297

Published: 31 December 2015

An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
pixman Launchpad, Ubuntu, Debian	bionic	Not vulnerable (0.34.0-2)
	cosmic	Not vulnerable
	precise	Released (0.30.2-1ubuntu0.0.0.0.4)
	trusty	Released (0.30.2-2ubuntu1.2)
	upstream	Released (0.33.4-1)
	xenial	Not vulnerable (0.33.6-1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5297
https://ubuntu.com/security/notices/USN-3843-1
https://ubuntu.com/security/notices/USN-3843-2
NVD
Launchpad
Debian

Bugs

https://bugs.freedesktop.org/show_bug.cgi?id=92027

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›