CVE-2016-6352

Published: 27 July 2016

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.32.2-1ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.30.7-0ubuntu1.6])
Patches:
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=17aff883dde5325cbd20cc3677f096010f55bf3c (test image)

Notes

AuthorNote
sbeattie
gdk-pixbuf report notes that this may not be necessary
for precise, as the reproducer doesn't crash with 2.26. Also,
patch does not apply cleanly to precise's 2.26.1 version.

References

Bugs