Download
| Alert*
oval:org.secpod.oval:def:89002215
This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file . - CVE-2017-6314: The make_available_at_least functio ... oval:org.secpod.oval:def:89044989 This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability - CVE-2017-2870: tiff_image_parse Code Execution Vulnerability - CVE-2017-6313: A dangerous integer underflow in io-icns.c - CVE-2017-6314: Infinite loop ... oval:org.secpod.oval:def:2001148 An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. oval:org.secpod.oval:def:51901 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703812 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. |