CLD-10 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-2862 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) gdk-pixbuf
Deficiency Type SECURITY
Date Created 2017-09-05 17:13:24
Date Last Modified 2017-09-05 17:52:35

Version Specific Information:

Cucumber 1.0 i686 fixed in gdk-pixbuf-2.36.9-i686-1
Cucumber 1.0 x86_64 fixed in gdk-pixbuf-2.36.9-x86_64-1 and gdk-pixbuf-lib_i686-2.36.9-lib_i686-1


An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A
specially crafted JPEG file can cause a heap overflow resulting in remote code
execution. An attacker can send a file or URL to trigger this vulnerability.

This is GNOME Bug 784866,
which has been fixed in gdk-pixbuf 2.36.7.

Original Vulnerability Report: