VDB
GCVE-VVD-MAGEIA-2018-16
GCVE-VVD-MAGEIA-2018-16
Advisory Published
JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
(CVE-2017-2862).
tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).
Ariel Zelivansky discovered that the GDK-PixBuf library did not properly
handle printing certain error messages. If an user or automated system were
tricked into opening a specially crafted image file, a remote attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of
service (CVE-2017-6311).
Out-of-bounds read on io-ico.c (CVE-2017-6312).
A dangerous integer underflow in io-icns.c (CVE-2017-6313).
Infinite loop in io-tiff.c (CVE-2017-6314).
Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only
affected Mageia 5.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | gdk-pixbuf2.0 | 0 (affected), 2.36.10-1.1.mga6 (unaffected) | — |
| Mageia | gdk-pixbuf2.0 | 0 (affected), 2.32.3-1.1.mga5 (unaffected) | — |
| Mageia | purple-facebook | 0 (affected), 0.9.5-1.mga6 (unaffected) | — |
Aliases
Transitive aliases
OPENSUSE-SU-2024:10779-1GSD-2017-6314CNVD-2017-03887CVE-2020-29385GSD-2020-29385SUSE-SU-2017:2381-1CNVD-2017-03708GHSA-mwm7-gxmj-5gmfGHSA-mj7j-vpm3-62gcBDU:2024-02767GHSA-wf85-g3p6-xf4hSUSE-SU-2018:2470-1GHSA-8frw-r4fr-c96pGSD-2017-6311GHSA-7g6q-p622-3mgrGHSA-c8q7-3fq2-cvvgGHSA-cmxv-cq8h-57g4SUSE-SU-2021:0184-1OPENSUSE-SU-2021:0150-1
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.