Integer Underflow in gdk-pixbuf Leading to Denial of Service
CVE-2017-6313

7.1 HIGH

Key Information:

Vendor: Gnome
CVE Published: 10 March 2017

What is CVE-2017-6313?

The gdk-pixbuf library contains an integer underflow vulnerability within the load_resources function in io-icns.c. This flaw allows context-dependent attackers to manipulate image entry sizes in ICO files, potentially resulting in an out-of-bounds read, which can crash the program and lead to a denial of service. Proper validation mechanisms are crucial to prevent exploitation of this vulnerability and ensure the stability of applications relying on image processing via gdk-pixbuf.
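The class of flaw described above, shown as an added example that is not gdk-pixbuf's own code: the wrapping subtraction next to a bounds-checked form. The 8-byte entry header (4-byte type, 4-byte big-endian size that includes the header), the function names and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRY_HDR 8u /* assumed header: 4-byte type + 4-byte big-endian size */

/* Constructed sample entries (not taken from any real image file). */
static const uint8_t GOOD[]      = {'T','E','S','T', 0,0,0,12, 1,2,3,4};
static const uint8_t TOO_SMALL[] = {'T','E','S','T', 0,0,0,4,  1,2,3,4};
static const uint8_t TOO_LARGE[] = {'T','E','S','T', 0,0,1,0,  1,2,3,4};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The flawed pattern: unsigned subtraction wraps when declared < ENTRY_HDR. */
uint32_t payload_len_unchecked(uint32_t declared) {
    return declared - ENTRY_HDR;
}

/* Hardened form: 0 on success, -1 if the entry does not fit in the buffer. */
int entry_payload_checked(const uint8_t *buf, size_t buflen, size_t off,
                          const uint8_t **payload, size_t *len) {
    if (off > buflen || buflen - off < ENTRY_HDR)
        return -1;                      /* no room for a header */
    uint32_t declared = be32(buf + off + 4);
    if (declared < ENTRY_HDR)
        return -1;                      /* subtraction would underflow */
    if (declared > buflen - off)
        return -1;                      /* entry would extend past the buffer */
    *payload = buf + off + ENTRY_HDR;
    *len = declared - ENTRY_HDR;
    return 0;
}

int main(void) {
    const uint8_t *p; size_t n;
    printf("unchecked length for size 4: %u\n", (unsigned)payload_len_unchecked(4));
    printf("good: %d\n", entry_payload_checked(GOOD, sizeof GOOD, 0, &p, &n));
    printf("too small: %d\n", entry_payload_checked(TOO_SMALL, sizeof TOO_SMALL, 0, &p, &n));
    printf("too large: %d\n", entry_payload_checked(TOO_LARGE, sizeof TOO_LARGE, 0, &p, &n));
    return 0;
}
```

A declared size of 4 turns into a payload length of 4294967292 in the unchecked form, which is what drives a read far past the end of the buffer; the checked form rejects the entry before any subtraction happens.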

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
