SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2015-4491

Date: (C)2015-08-18 (M)2018-05-28

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1033247

SECTRACK-1033372

FEDORA-2015-13925

FEDORA-2015-13926

FEDORA-2015-14010

FEDORA-2015-14011

SUSE-SU-2015:1449

SUSE-SU-2015:1528

SUSE-SU-2015:2081

http://www.mozilla.org/security/announce/2015/mfsa2015-88.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

https://bugzilla.gnome.org/show_bug.cgi?id=752297

https://bugzilla.mozilla.org/show_bug.cgi?id=1184009

https://bugzilla.redhat.com/show_bug.cgi?id=1252290

https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199

openSUSE-SU-2015:1389

openSUSE-SU-2015:1390

openSUSE-SU-2015:1453

openSUSE-SU-2015:1454

openSUSE-SU-2015:1500

cpe:/o:oracle:solaris:10
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
...

oval:org.secpod.oval:def:702722
oval:org.secpod.oval:def:702711
oval:org.secpod.oval:def:702714
oval:org.secpod.oval:def:203689
...

© SecPod Technologies