Your submission was sent successfully! Close

CVE-2017-2862

Published: 5 September 2017

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was released [2.30.7-0ubuntu1.7])
upstream Needs triage

xenial
Released (2.32.2-1ubuntu1.3)
zesty
Released (2.36.5-3ubuntu0.2)
Patches:
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading