CVE-2017-6312

Priority
Low
Description
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent
attackers to cause a denial of service (segmentation fault and application
crash) via a crafted image entry offset in an ICO file, which triggers an
out-of-bounds read, related to compiler optimizations.
Notes
 tyhicks> As of 2017-09-13, no upstream fix available
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was deferred [2017-09-13])
Ubuntu 14.04 LTS (Trusty Tahr): released (2.30.7-0ubuntu1.8)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.32.2-1ubuntu1.4)
Ubuntu 17.10 (Artful Aardvark): released (2.36.11-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): needed

Updated: 2018-01-15 20:14:20 UTC (commit 14008)