PublicDateAtUSN: 2015-10-02
Candidate: CVE-2015-7674
PublicDate: 2015-10-26 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674
 http://www.openwall.com/lists/oss-security/2015/10/01/4
 https://ubuntu.com/security/notices/USN-2767-1
Description:
 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: sbeattie
CVSS:

Patches_gdk-pixbuf:
 upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
upstream_gdk-pixbuf: released (2.32.1)
precise_gdk-pixbuf: released (2.26.1-1ubuntu1.3)
trusty_gdk-pixbuf: released (2.30.7-0ubuntu1.2)
trusty/esm_gdk-pixbuf: DNE (trusty was released [2.30.7-0ubuntu1.2])
vivid_gdk-pixbuf: released (2.31.3-1ubuntu0.2)
devel_gdk-pixbuf: released (2.32.0-1ubuntu1)
vivid/stable-phone-overlay_gdk-pixbuf: released (2.31.3-1ubuntu0.2)
vivid/ubuntu-core_gdk-pixbuf: DNE