Your submission was sent successfully! Close

CVE-2015-7673

Published: 02 October 2015

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Priority

Medium

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
Upstream
Released (2.32.0-1,2.32.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.30.7-0ubuntu1.2])
Patches:
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e