VDB

CVE-2017-2862

CVE-2017-2862 PUBLISHED

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

EPSS 4.56% · 89.4th percentile

Risk Scores

EPSS Score
4.56%
89.4th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSgdk-pixbuf0, 2.32.1-1, 2.32.2-1
Ubuntu:14.04:LTSgdk-pixbuf0, 2.28.1-1ubuntu2, 2.30.0-0ubuntu2

Timeline

  • Sep 5, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 18, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Apr 6, 2025 EPSS Score
  • Apr 7, 2025 EPSS Score
  • Apr 16, 2025 EPSS Score
  • Apr 17, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›