CVE-2015-7552

Published: 18 April 2016

Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
gdk-pixbuf Launchpad, Ubuntu, Debian	precise	Does not exist (precise was released [2.26.1-1ubuntu1.5])
	trusty	Does not exist (trusty was released [2.30.7-0ubuntu1.6])
	upstream	Released (2.32.0-1)
	wily	Not vulnerable (2.32.1-1)
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable
	Patches: upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=7b10db13ff370bf2500688054249101ff175a942 upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ca74893a8e06e99b4adc682ee1550bfd020687c7 upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4

References

Bugs

https://bugzilla.suse.com/show_bug.cgi?id=958963

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›