[3.0] gdk-pixbuf: Heap overflows with a tga and gif file (CVE-2015-7673, CVE-2015-7674)
CVE-2015-7673
A heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a tga file. These issues are only fixed in
the recent release of gdk-pixbuf 2.32.0.
References:
https://security-tracker.debian.org/tracker/CVE-2015-7673
http://www.openwall.com/lists/oss-security/2015/10/02/9
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
CVE-2015-7674
A heap overflow in the gdk-pixbuf implementation triggered by the
scaling of a gif file. These issues are only fixed in the recent release
of gdk-pixbuf 2.32.1 but affect older versions.
Fixed in 2.32.1 with this commit:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
The entry in the 2.32.1 changelog is shown in:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=044bdb059a26608fa8178e16a8505eb7ef56dfd0
References:
https://security-tracker.debian.org/tracker/CVE-2015-7674
http://seclists.org/oss-sec/2015/q4/19
http://www.openwall.com/lists/oss-security/2015/10/02/10
(from redmine: issue id 4737, created on 2015-10-05, closed on 2015-12-19)
- Relations:
- parent #4733 (closed)
- Changesets:
- Revision 887adbc5 by Natanael Copa on 2015-12-16T12:16:53Z:
main/gdk-pixbuf: security upgrade to 2.32.2
ref #4733
fixes #4737