CVE-2015-4491
Published: 2015-08-16
Priority: P3 · 38 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 8.40% (94.3th percentile)
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | gdk-pixbuf | < gdk-pixbuf 2.31.7-1 (bookworm) | gdk-pixbuf 2.31.7-1 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 2.31.7-1 (bookworm) | gdk-pixbuf 2.31.7-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnome | gdk-pixbuf | <= 2.31.4 | — |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.1 | 40.0+build4-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.4 | 40.0+build4-0ubuntu0.14.04.4 |
| mozilla | thunderbird | >= 0 < 1:38.2.0+build1-0ubuntu0.14.04.1 | 1:38.2.0+build1-0ubuntu0.14.04.1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
| oracle | solaris | — | — |
CVSS provenance
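| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |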
Ubuntu
GDK-PixBuf vulnerability
vendor_ubuntu·2015-08-26
CVE-2015-4491 GDK-PixBuf vulnerability
Title: GDK-PixBuf vulnerability
Summary: GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.
Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling
bitmap images. If a user or automated system were tricked into opening a
BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2015-08-25·CVSS 10.0
CVE-2015-4473 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory
safety issues in Thunderbird. If a user were tricked into opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-4473)
Ronald Crane reported 3 security issues. If a user were tricked into
opening a specially crafted message, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-
Ubuntu
Firefox regression
vendor_ubuntu·2015-08-20·CVSS 10.0
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-2702-1 introduced a regression in Firefox.
USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users
in the US reported that their default search engine switched to Yahoo.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when play
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2015-08-11·CVSS 10.0
CVE-2015-4473 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive informatio
Ubuntu
Ubufox update
vendor_ubuntu·2015-08-11·CVSS 10.0
[CRITICAL] Ubufox update
Title: Ubufox update
Summary: This update provides compatible packages for Firefox 40.
USN-2702-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubufox.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked into opening a
specially craft
Red Hat
Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
vendor_redhat·2015-08-11·CVSS 6.8
CVE-2015-4491 [MEDIUM] CWE-122 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf li
Debian
CVE-2015-4491: gdk-pixbuf - Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pix...
vendor_debian·2015·CVSS 6.8
CVE-2015-4491 [MEDIUM] CVE-2015-4491: gdk-pixbuf - Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pix...
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Scope: local
bookworm: resolved (fixed in 2.31.7-1)
bullseye: resolved (fixed in 2.31.7-1)
forky: resolved (fixed in 2.31.7-1)
sid: resolved (fixed in 2.31.7-1)
trixie: resolved (fixed in 2.31.7-1)
GHSA
GHSA-735c-hqgj-f846: Integer overflow in the make_filter_table function in pixops/pixops
ghsa_unreviewed·2022-05-14
CVE-2015-4491 [MEDIUM] GHSA-735c-hqgj-f846: Integer overflow in the make_filter_table function in pixops/pixops
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
OSV
thunderbird vulnerabilities
osv·2015-08-25·CVSS 10.0
CVE-2015-4473 [CRITICAL] thunderbird vulnerabilities
thunderbird vulnerabilities
Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory
safety issues in Thunderbird. If a user were tricked into opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-4473)
Ronald Crane reported 3 security issues. If a user were tricked into
opening a specially crafted message, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)
Gustavo Grieco discovered
OSV
firefox regression
osv·2015-08-20·CVSS 10.0
[CRITICAL] firefox regression
firefox regression
USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users
in the US reported that their default search engine switched to Yahoo.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were
OSV
CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops
osv·2015-08-16·CVSS 6.8
CVE-2015-4491 [MEDIUM] CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
OSV
firefox vulnerabilities
osv·2015-08-11·CVSS 10.0
CVE-2015-4473 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user in
OSV
ubufox update
osv·2015-08-11·CVSS 10.0
[CRITICAL] ubufox update
ubufox update
USN-2702-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubufox.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-4491 gdk-pixbuf2: Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88) [fedora-all]
bugzilla·2015-08-13·CVSS 6.8
CVE-2015-4491 [MEDIUM] CVE-2015-4491 gdk-pixbuf2: Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88) [fedora-all]
CVE-2015-4491 gdk-pixbuf2: Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issu
Bugzilla
CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
bugzilla·2015-08-11·CVSS 6.8
CVE-2015-4491 [MEDIUM] CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf affecting Linux systems using Gnome. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash.
This issue only affects Linux systems running Gnome. Windows and OS X operating systems are unaffected.
External Reference:
https://www.mozilla.org/security/announce/2015/mfsa2015-88.html
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://rhn.redhat.com/errata/RHSA-2015-1586.html
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://rhn.redhat.com/errata/RHSA-2015-1694.html
http://www.debian.org/security/2015/dsa-3337
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
http://www.ubuntu.com/usn/USN-2722-1
https://bugzilla.gnome.org/show_bug.cgi?id=752297
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
https://bugzilla.redhat.com/show_bug.cgi?id=1252290
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
https://security.gentoo.org/glsa/201512-05
https://security.gentoo.org/glsa/201605-06
Published: 2015-08-16