CVE-2015-7674

Published: 2 October 2015

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Priority

Status

Package	Release	Status
gdk-pixbuf Launchpad, Ubuntu, Debian	precise	Released (2.26.1-1ubuntu1.3)
	trusty	Does not exist (trusty was released [2.30.7-0ubuntu1.2])
	upstream	Released (2.32.1)
	vivid	Released (2.31.3-1ubuntu0.2)
	Patches: upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674
http://www.openwall.com/lists/oss-security/2015/10/01/4
https://ubuntu.com/security/notices/USN-2767-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›