[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-4491

Date: (C)2015-08-18   (M)2017-10-12
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Reference:
SECTRACK-1033247
SECTRACK-1033372
DSA-3337
FEDORA-2015-13925
FEDORA-2015-13926
FEDORA-2015-14010
FEDORA-2015-14011
GLSA-201512-05
GLSA-201605-06
RHSA-2015:1586
RHSA-2015:1682
RHSA-2015:1694
SUSE-SU-2015:1449
SUSE-SU-2015:1528
SUSE-SU-2015:2081
USN-2702-1
USN-2702-2
USN-2702-3
USN-2712-1
USN-2722-1
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.gnome.org/show_bug.cgi?id=752297
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
https://bugzilla.redhat.com/show_bug.cgi?id=1252290
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
openSUSE-SU-2015:1389
openSUSE-SU-2015:1390
openSUSE-SU-2015:1453
openSUSE-SU-2015:1454
openSUSE-SU-2015:1500

CPE    8
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
...
CWE    1
CWE-189
OVAL    29
oval:org.secpod.oval:def:501642
oval:org.secpod.oval:def:26784
oval:org.secpod.oval:def:203689
oval:org.secpod.oval:def:1501130
...

© 2013 SecPod Technologies