Published: 27 July 2016
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVSS 3 base score: 7.5
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was released [2.30.7-0ubuntu1.6])
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=17aff883dde5325cbd20cc3677f096010f55bf3c (test image)
gdk-pixbuf report notes that this may not be necessary for precise, as the reproducer doesn't crash with 2.26. Also, patch does not apply cleanly to precise's 2.26.1 version.