Advisories » MGASA-2018-0016

Updated gdk-pixbuf2.0 packages fix security vulnerability

Publication date: 01 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-2862, CVE-2017-2870, CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314

Description

JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
(CVE-2017-2862).

tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).

Ariel Zelivansky discovered that the GDK-PixBuf library did not properly
handle printing certain error messages. If a user or automated system were
tricked into opening a specially crafted image file, a remote attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of
service (CVE-2017-6311).

Out-of-bounds read on io-ico.c (CVE-2017-6312).

A dangerous integer underflow in io-icns.c (CVE-2017-6313).

Infinite loop in io-tiff.c (CVE-2017-6314).

Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only
affected Mageia 5.
                

References

SRPMS

5/core

6/core