CVE-2017-2862

Published: 05 September 2017

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.32.2-1ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.30.7-0ubuntu1.7])
Patches:
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading