Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2015-7673

Published: 2 October 2015

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Notes

AuthorNote
mdeslaur
this is actually fixed in 2.32.0, not 2.32.1

Priority

Medium

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
vivid
Released (2.31.3-1ubuntu0.2)
upstream
Released (2.32.0-1,2.32.1)
precise
Released (2.26.1-1ubuntu1.3)
trusty Does not exist
(trusty was released [2.30.7-0ubuntu1.2])
Patches:
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e