CVE-2017-12447

Published: 07 March 2019

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: gdk-pixbuf (Launchpad, Ubuntu, Debian)

Upstream: Released (2.34.0-1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (2.36.11-2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (2.32.2-1ubuntu1.6)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [2.30.7-0ubuntu1.6])

Patches:
Upstream: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2)

Notes

Author: mdeslaur
Note:
in trusty, this was already included in the CVE-2015-7552 patch
should also include the following in xenial:
https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/ca74893a8e06e99b4adc682ee1550bfd020687c7
