VDB
ALPINE-CVE-2017-6312
ALPINE-CVE-2017-6312
PUBLISHED
CVSS 5.5 MEDIUM
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | gdk-pixbuf | 2.22.0-r0, 2.22.0-r1, 2.22.1-r0 |
| Alpine:v3.7 | gdk-pixbuf | 2.22.1-r1, 0, 2.36.6-r0 |
| Alpine:v3.17 | gdk-pixbuf | 2.36.6-r0, 2.36.5-r0, 2.36.2-r0 |
| Alpine:v3.12 | gdk-pixbuf | 2.22.0-r0, 2.36.5-r0, 2.36.2-r0 |
| Alpine:v3.22 | gdk-pixbuf | 2.22.0-r0, 2.36.6-r0, 2.36.5-r0 |
| Alpine:v3.6 | gdk-pixbuf | 2.22.0-r1, 2.36.6-r0, 2.36.5-r0 |
| Alpine:v3.20 | gdk-pixbuf | 2.22.0-r1, 2.22.0-r0, 0 |
| Alpine:v3.18 | gdk-pixbuf | 2.32.2-r0, 2.22.0-r1, 2.22.0-r3 |
| Alpine:v3.16 | gdk-pixbuf | 2.22.0-r1, 0, 2.22.0-r0 |
| Alpine:v3.11 | gdk-pixbuf | 2.24.0-r1, 0, 2.22.0-r1 |
| Alpine:v3.14 | gdk-pixbuf | 2.22.1-r2, 2.22.0-r1, 2.22.0-r2 |
| Alpine:v3.8 | gdk-pixbuf | 2.22.0-r2, 0, 2.22.0-r0 |
| Alpine:v3.10 | gdk-pixbuf | 0, 2.36.6-r0, 2.36.5-r0 |
| Alpine:v3.9 | gdk-pixbuf | 0, 2.36.6-r0, 2.36.5-r0 |
| Alpine:v3.23 | gdk-pixbuf | 2.36.6-r0, 2.34.0-r1, 0 |
| Alpine:v3.21 | gdk-pixbuf | 2.26.4-r1, 0, 2.22.0-r0 |
| Alpine:v3.13 | gdk-pixbuf | 2.32.2-r0, 2.32.1-r0, 2.31.5-r0 |
| Alpine:v3.19 | gdk-pixbuf | 2.32.1-r0, 2.22.0-r1, 2.22.0-r0 |
| Alpine:v3.5 | gdk-pixbuf | 2.22.0-r0, 2.22.0-r1, 2.22.0-r2 |
Timeline
- Mar 10, 2017 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch