Integer Overflow Vulnerability in Gnome gdk-pixbuf Affects Multiple Versions
CVE-2017-1000422

8.8HIGH

Key Information:

Vendor

Gnome
Status
Gdk-pixbuf
Vendor
CVE Published:
2 January 2018

What is CVE-2017-1000422?

Gnome gdk-pixbuf versions 2.36.8 and older are susceptible to an integer overflow in the gif_get_lzw function. This vulnerability can cause memory corruption, which an attacker could exploit to execute arbitrary code on affected systems. Addressing this issue is critical for maintaining the security integrity of applications relying on gdk-pixbuf.

References

https://bugzilla.gnome.org/show_bug.cgi?id=785973
x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4088
vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/3532-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.