Integer Underflow in gdk-pixbuf

Do your applications use this vulnerable package? Test your applications

Overview

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

References

Debian Security Tracker
FEDORA
FEDORA
Gentoo Security Advisory
MLIST
OSS security Advisory
OSS security Advisory
Security Focus
Ubuntu CVE Tracker
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
https://bugzilla.gnome.org/show_bug.cgi?id=779016

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

High

CVE: CVE-2017-6313
CWE: CWE-191
Snyk ID: SNYK-DEBIAN9-GDKPIXBUF-344957
Disclosed: 10 Mar, 2017
Published: 10 Mar, 2017

Integer Underflow
Affecting gdk-pixbuf package, versions <2.36.5-2+deb9u2

Overview

References

CVSS Score

Integer Underflow Affecting gdk-pixbuf package, versions <2.36.5-2+deb9u2

Overview

References

Integer Underflow
Affecting gdk-pixbuf package, versions <2.36.5-2+deb9u2