SUSE-SU-2018:2470-1 -- SLES gtk2
ID: oval:org.secpod.oval:def:89002215 | Date: (C)2021-02-26 (M)2023-01-03 |
Class: PATCH | Family: unix |
This update for gtk2 provides the following fixes:

These security issues were fixed:
- CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file.
- CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service via a large TIFF file.
- CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service via a crafted image entry size in an ICO file.
- CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted JPEG file could have caused a heap overflow resulting in remote code execution.
- CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted TIFF file could have caused a heap overflow resulting in remote code execution.

This non-security issue was fixed:
- Prevent an infinite loop when a window is destroyed while being traversed.
Platform: SUSE Linux Enterprise Server 11 SP4