CLD-10 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
gdk-pixbuf |
| Deficiency Type |
SECURITY |
| Date Created |
2017-09-05 17:13:24 |
| Date Last Modified |
2017-09-05 17:52:35 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in gdk-pixbuf-2.36.9-i686-1 |
| Cucumber 1.0 x86_64 | fixed in gdk-pixbuf-2.36.9-x86_64-1 and gdk-pixbuf-lib_i686-2.36.9-lib_i686-1 |
| Cucumber 1.1 i686 |
fixed in gdk-pixbuf-2.36.9-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in gdk-pixbuf-2.36.9-x86_64-1 and gdk-pixbuf-lib_i686-2.36.9-lib_i686-1 |
Details:
An exploitable heap overflow vulnerability exists in the
gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A
specially crafted jpeg file can cause a heap overflow resulting in remote code
execution. An attacker can send a file or url to trigger this vulnerability
(https://nvd.nist.gov/vuln/detail/CVE-2017-2862).
This is Gnome Bug 784866 (https://bugzilla.gnome.org/show_bug.cgi?id=784866),
which has been fixed in gdk-pixbuf 2.36.7
(http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.7.news).
Original Vulnerability Report:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366