Executive Summary

Summary
Title GDK-PixBuf vulnerability
Informations
NameUSN-3912-1First vendor Publication2019-03-20
VendorUbuntuLast vendor Modification2019-03-20
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description: - gdk-pixbuf: GDK Pixbuf library

Details:

It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If an user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
libgdk-pixbuf2.0-0 2.32.2-1ubuntu1.6

After a standard system update you need to restart your session to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3912-1
CVE-2017-12447

Package Information:
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.32.2-1ubuntu1.6

Original Source

Url : http://www.ubuntu.com/usn/USN-3912-1

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Os1

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-03-20 21:18:43
  • First insertion