CVE-2015-4491

 

Published at: - 16-08-2015 03:59

Last modified: - 23-01-2023 07:44

Total changes: - 9

Description

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
• https://bugzilla.redhat.com/show_bug.cgi?id=1252290
• https://bugzilla.gnome.org/show_bug.cgi?id=752297
• https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
• openSUSE-SU-2015:1389-Third Party Advisory
• USN-2702-2-Third Party Advisory
• openSUSE-SU-2015:1390-Third Party Advisory
• USN-2702-1-Third Party Advisory
• FEDORA-2015-14011-Third Party Advisory
• FEDORA-2015-14010-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
• GLSA-201605-06-
• SUSE-SU-2015:2081-
• GLSA-201512-05-
• 1033372-
• RHSA-2015:1694-
• openSUSE-SU-2015:1500-
• openSUSE-SU-2015:1454-
• openSUSE-SU-2015:1453-
• SUSE-SU-2015:1528-
• SUSE-SU-2015:1449-
• FEDORA-2015-13926-
• FEDORA-2015-13925-
• USN-2722-1-
• USN-2712-1-
• USN-2702-3-
• 1033247-
• DSA-3337-
• RHSA-2015:1682-
• RHSA-2015:1586-

 

Keywords

NVD

 

CVE-2015-4491

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures