CVE-2015-7673
Published: 2 October 2015
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Notes
| Author | Note |
|---|---|
| mdeslaur | this is actually fixed in 2.32.0, not 2.32.1 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gdk-pixbuf Launchpad, Ubuntu, Debian |
vivid |
Released
(2.31.3-1ubuntu0.2)
|
| upstream |
Released
(2.32.0-1,2.32.1)
|
|
| precise |
Released
(2.26.1-1ubuntu1.3)
|
|
| trusty |
Does not exist
(trusty was released [2.30.7-0ubuntu1.2])
|
|
|
Patches: upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e |
||