Advisories » MGASA-2016-0322

Updated gdk-pixbuf2.0 packages fix security vulnerability

Publication date: 25 Sep 2016
Modification date: 25 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6352

Description

A write out-of-bounds parsing an ico file was found in gdk-pixbuf. A
maliciously crafted file can cause the application to crash (CVE-2016-6352).

The gdk-pixbuf2.0 package has been updated to version 2.32.3 and patched to fix
this issue, and a few other possible security issues.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19070
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6352
• https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?h=gdk-pixbuf-2-32&id=c09a36169fdb97fcb937acc7c08909b1fb99e952
• https://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6352

SRPMS

5/core

• gdk-pixbuf2.0-2.32.3-1.mga5