Heap Overflow Vulnerability in Gdk-Pixbuf Can Lead to Remote Code Execution
CVE-2017-2862

8.8 HIGH

Key Information:

Vendor: Gnome
CVE Published: 5 September 2017

What is CVE-2017-2862?

A heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. By sending a specially crafted JPEG file or URL, an attacker can exploit this vulnerability, leading to potential remote code execution. Proper sanitization of image input is essential to mitigate the risks associated with this issue.

Affected Version(s)

  • Gdk-Pixbuf 2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc

  • libjpeg-turbo 1.5.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
