Buffer overflow in Gnome Gdk-pixbuf

CVE-2015-7673

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a craf…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (85.3th percentile) — read the EPSS interpretation.

Affected products

Gnome Gdk-pixbuf
Opensuse — versions 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20151001 CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 (mailing-list, x_refsource_MLIST)
76953 (vdb-entry, x_refsource_BID)
openSUSE-SU-2016:1467 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
openSUSE-SU-2016:0897 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
USN-2767-1 (x_refsource_UBUNTU, vendor-advisory, Patch)
[oss-security] 20151002 Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 (mailing-list, x_refsource_MLIST)
DSA-3378 (vendor-advisory, x_refsource_DEBIAN)