6.8

CVE-2015-4491

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGdk-pixbuf Version <= 2.31.4
   GoogleChrome Version-
   MozillaFirefox Version <= 39.0.3
   MozillaFirefox Version38.0
   MozillaFirefox Version38.0.1
   MozillaFirefox Version38.0.5
   MozillaFirefox Version38.1.0
   LinuxLinux Kernel
OracleSolaris Version10
OracleSolaris Version11.3
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
FedoraprojectFedora Version21
FedoraprojectFedora Version22
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.4% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
https://security.gentoo.org/glsa/201605-06
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-1586.html
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
http://www.ubuntu.com/usn/USN-2702-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2702-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://rhn.redhat.com/errata/RHSA-2015-1694.html
http://www.debian.org/security/2015/dsa-3337
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
Vendor Advisory
http://www.ubuntu.com/usn/USN-2722-1
https://bugzilla.gnome.org/show_bug.cgi?id=752297
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1252290
Issue Tracking
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
https://security.gentoo.org/glsa/201512-05