CVE-2016-6352 (retired)

Priority
Description
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows
remote attackers to cause a denial of service (out-of-bounds write and
crash) via crafted dimensions in an ICO file.
Notes
sbeattie> gdk-pixbuf report notes that this may not be necessary
for precise, as the reproducer doesn't crash with 2.26. Also,
patch does not apply cleanly to precise's 2.26.1 version.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.32.2-1ubuntu1.2)
Patches:
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
Upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=17aff883dde5325cbd20cc3677f096010f55bf3c (test image)

Updated: 2019-08-23 09:11:21 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)