[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-4491

Date: (C)2015-08-18   (M)2017-11-18 


Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1033247
SECTRACK-1033372
DSA-3337
FEDORA-2015-13925
FEDORA-2015-13926
FEDORA-2015-14010
FEDORA-2015-14011
GLSA-201512-05
GLSA-201605-06
RHSA-2015:1586
RHSA-2015:1682
RHSA-2015:1694
SUSE-SU-2015:1449
SUSE-SU-2015:1528
SUSE-SU-2015:2081
USN-2702-1
USN-2702-2
USN-2702-3
USN-2712-1
USN-2722-1
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.gnome.org/show_bug.cgi?id=752297
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
https://bugzilla.redhat.com/show_bug.cgi?id=1252290
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
openSUSE-SU-2015:1389
openSUSE-SU-2015:1390
openSUSE-SU-2015:1453
openSUSE-SU-2015:1454
openSUSE-SU-2015:1500

CPE    8
cpe:/o:novell:opensuse:13.2
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
cpe:/o:canonical:ubuntu_linux:15.04
...
CWE    1
CWE-189
OVAL    29
oval:org.secpod.oval:def:501642
oval:org.secpod.oval:def:26784
oval:org.secpod.oval:def:203689
oval:org.secpod.oval:def:1501130
...

© 2013 SecPod Technologies