CVE-2015-4491
published 2015-08-16

Priority: P338
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 8.40% (94.3th percentile)

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | gdk-pixbuf | < gdk-pixbuf 2.31.7-1 (bookworm) | gdk-pixbuf 2.31.7-1 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 2.31.7-1 (bookworm) | gdk-pixbuf 2.31.7-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| gnome | gdk-pixbuf | <= 2.31.4 | |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| gnome | gdk-pixbuf | >= 0 < 2.31.7-1 | 2.31.7-1 |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.1 | 40.0+build4-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.4 | 40.0+build4-0ubuntu0.14.04.4 |
| mozilla | thunderbird | >= 0 < 1:38.2.0+build1-0ubuntu0.14.04.1 | 1:38.2.0+build1-0ubuntu0.14.04.1 |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| oracle | solaris | | |
| oracle | solaris | | |

CVSS provenance

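| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 10.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |
| vendor_debian | | 6.8 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |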