CVE-2015-7552

Published: 18 April 2016

Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
Upstream
Released (2.32.0-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.30.7-0ubuntu1.6])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was released [2.26.1-1ubuntu1.5])
Patches:
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=7b10db13ff370bf2500688054249101ff175a942
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ca74893a8e06e99b4adc682ee1550bfd020687c7
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=b7bf6fbfb310fceba2d35d4de143b8d5ffdad990
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4