CVE-2017-12447

Published: 7 March 2019

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

Notes

Author: mdeslaur
Note:
in trusty, this was already included in the CVE-2015-7552 patch
should also include the following in xenial:
https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/ca74893a8e06e99b4adc682ee1550bfd020687c7

Priority

Medium

CVSS 3 Severity Score

7.8

Status

Package: gdk-pixbuf (Launchpad, Ubuntu, Debian)

Release Status
bionic Not vulnerable (2.36.11-2)
cosmic Not vulnerable
trusty Released (2.30.7-0ubuntu1.6)
upstream Released (2.34.0-1)
xenial Released (2.32.2-1ubuntu1.6)

Patches:
upstream: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2)

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H