CVE-2015-7552
Published 2016-04-18
CVE-2015-7552: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or…
Priority: P3 (38), high; CVSS 3.0: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 3.87% (88.9th percentile)
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.32.0-1 (bookworm) | gdk-pixbuf 2.32.0-1 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | gdk-pixbuf | >= 0 < 2.30.7-0ubuntu1.6 | 2.30.7-0ubuntu1.6 |
| gnome | gdk-pixbuf | >= 0 < 2.32.2-1ubuntu1.2 | 2.32.2-1ubuntu1.2 |
| opensuse | opensuse | — | — |
| paloalto | pan-os | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
GHSA
GHSA-cj35-69m2-vfwm: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale
ghsa_unreviewed·2022-05-14
CVE-2015-7552 [HIGH] CWE-119 GHSA-cj35-69m2-vfwm: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
OSV
gdk-pixbuf vulnerabilities
osv·2016-09-21·CVSS 7.8
CVE-2015-7552 [HIGH] gdk-pixbuf vulnerabilities
gdk-pixbuf vulnerabilities
It was discovered that the GDK-PixBuf library did not properly handle specially
crafted bmp images, leading to a heap-based buffer overflow. If a user or
automated system were tricked into opening a specially crafted bmp file, a
remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552)
It was discovered that the GDK-PixBuf library contained an integer overflow
when handling certain images. If a user or automated system were tricked into
opening a crafted image file, a remote attacker could use this flaw to cause
GDK-PixBuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. This
OSV
CVE-2015-7552: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale
osv·2016-04-18·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2010-1622 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Ubuntu
GDK-PixBuf vulnerabilities
vendor_ubuntu·2016-09-21·CVSS 7.8
CVE-2015-7552 [HIGH] GDK-PixBuf vulnerabilities
Title: GDK-PixBuf vulnerabilities
Summary: GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.
It was discovered that the GDK-PixBuf library did not properly handle specially
crafted bmp images, leading to a heap-based buffer overflow. If a user or
automated system were tricked into opening a specially crafted bmp file, a
remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-7552)
It was discovered that the GDK-PixBuf library contained an integer overflow
when handling certain images. If a user or automated system were tricked into
opening a crafted image file, a remote attacker coul
Red Hat
gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
vendor_redhat·2016-01-25·CVSS 7.8
CVE-2015-7552 [HIGH] CWE-122 gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
Package: gdk-pixbuf2 (Red Hat Enterprise Linux 6) - Not affected
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Debian
CVE-2015-7552: gdk-pixbuf - Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c...
vendor_debian·2015·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552: gdk-pixbuf - Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c...
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
Scope: local
bookworm: resolved (fixed in 2.32.0-1)
bullseye: resolved (fixed in 2.32.0-1)
forky: resolved (fixed in 2.32.0-1)
sid: resolved (fixed in 2.32.0-1)
trixie: resolved (fixed in 2.32.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
bugzilla·2016-09-23·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Bugzilla
CVE-2015-7552 gdk-pixbuf2: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
bugzilla·2016-09-23·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552 gdk-pixbuf2: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
CVE-2015-7552 gdk-pixbuf2: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [epel-7]
bugzilla·2016-09-23·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [epel-7]
CVE-2015-7552 mingw-gdk-pixbuf: gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automaticall
Bugzilla
CVE-2015-7552 gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
bugzilla·2016-09-23·CVSS 7.8
CVE-2015-7552 [HIGH] CVE-2015-7552 gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
CVE-2015-7552 gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function
A heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x was found that can cause a DoS via a crafted BMP file.
Discussion:
Acknowledgments:
Name: Gustavo Grieco
---
Created gdk-pixbuf2 tracking bugs for this issue:
Affects: fedora-all [bug 1378896]
---
Created mingw-gdk-pixbuf tracking bugs for this issue:
Affects: fedora-all [bug 1378897]
Affects: epel-7 [bug 1378898]
---
Upstream patch:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4
gdk-pixbuf 2.31.7 includes this fix.
---
Fix was included in many later upstream branches, including gdk-pixbuf-2.36.0 which was rebased in rhel-7.4:
https://gitlab.gnome.or
http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html
http://www.debian.org/security/2016/dsa-3589
http://www.ubuntu.com/usn/USN-3085-1
https://bugzilla.suse.com/show_bug.cgi?id=958963
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/