[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 450-1] gdk-pixbuf security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gdk-pixbuf
Version        : 2.26.1-1+deb7u4
CVE ID         : CVE-2015-7552 CVE-2015-7674

A heap-based buffer overflow has been discovered in gdk-pixbuf, a
library for image loading and saving facilities, fast scaling and
compositing of pixbufs, that allows remote attackers to cause a denial
of service or possibly execute arbitrary code via a crafted BMP file.

This update also fixes an incomplete patch for CVE-2015-7674.

CVE-2015-7552
    Heap-based buffer overflow in the gdk_pixbuf_flip function in
    gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers to cause a
    denial of service or possibly execute arbitrary code via a crafted
    BMP file.


CVE-2015-7674
    Integer overflow in the pixops_scale_nearest function in
    pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers
    to cause a denial of service (application crash) and possibly
    execute arbitrary code via a crafted GIF image file, which triggers
    a heap-based buffer overflow.

For Debian 7 "Wheezy", these problems have been fixed in version
2.26.1-1+deb7u4.

We recommend that you upgrade your gdk-pixbuf packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXJPRZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HksSsP/1Sc3VMZHkTZ0O2kAw89XL9r
U9QBosMyPpjG/gWBwIjxzBmYqiCFsHh8LVifQGB87ycMOS8M66pOl54VBL9tggQe
XSB7e/R2sVSpgk/is/SU+GubYfqZuOJyDvkmuPOcJGBT55RWZOCeD/tJ1cAoO9NJ
ns3kL0BBRAbp1bHyRKBUWtOBcbznwRbJcOi95g+O8PdIGoa7CPGzp6EqBs0nHiMs
LszhgXc5JJBE8TeYNSZniFxCEa6Ob1tlPlGk5endEZfdyf1OKZ/P/Mx2wj6Cr3Oo
JiZ10A86wEZx5BaC0qqKYeERC7cSImEj9KrZdtgWfkXqftUgMHONhrfvwukqbkFa
TEwarE8O/yncbSDwzYZzRbrWYzLD7IJdkp1drYciBe8LwtfTmN1Tk3Y+kL72Ld5u
WhvI8Nnj5twukf7ZdRqsxN/8j80EYxxvEdXebMt6iTeUjdStF1ojZHZS2K9/gr3O
fmY1iMDJ+9uncdEFS1FdKZgQh4F82Jcxe0+QMRr434TYbQFV+MVoN6qokPqHFeA5
lmtUsT4Yt+hs0shcGLPibLpSH8OSJ1Qg7sgwfPzlZ3pm33HAGqQOFAZ/QnfVQ/iG
qtS/59EYwXQM6LqkZjluolEvGLHlHOCJKAsrd4nVAxdF+92rrEGUul+HeoQAts4Q
iNvjk0bXXsmzCZ53NJuN
=wvUe
-----END PGP SIGNATURE-----


Reply to: