GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Apr 17, 2018 7:26 pm Post subject: [ GLSA 201804-14 ] GDK-PixBuf |
|
|
Gentoo Linux Security Advisory
Title: GDK-PixBuf: Remote code execution (GLSA 201804-14)
Severity: normal
Exploitable: remote
Date: 2018-04-17
Bug(s): #644770
ID: 201804-14
Synopsis
A vulnerability has been found in GDK-PixBuf that may allow a
remote attacker to execute arbitrary code.
Background
GDK-PixBuf is an image loading library for GTK+.
Affected Packages
Package: x11-libs/gdk-pixbuf
Vulnerable: < 2.36.11
Unaffected: >= 2.36.11
Architectures: All supported architectures
Description
Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw
function.
Impact
A remote attacker, by enticing a user to process a specially crafted
image file, could execute arbitrary code or cause a Denial of Service
condition.
Workaround
There is no known workaround at this time.
Resolution
All GDK-PixBuf users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"
|
References
CVE-2017-1000422
|
|