CVE-2015-7673: Improper Restriction of Operations within the Bounds of a Memory Buffer in Gdk-pixbuf

Severity: 6.8 MEDIUM (NVD)
EPSS: 2.4% (top 15.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 26
Latest update: May 14

Description

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (4 packages)

Debian: gnome/gdk-pixbuf < 2.32.0-1+3
Ubuntu: gnome/gdk-pixbuf < 2.30.7-0ubuntu1.2
NVD: gnome/gdk-pixbuf 2.31.4

🔴 Vulnerability Details (4)

GHSA: GHSA-92p7-v927-945m: io-tga (2022-05-14)
CVEList: CVE-2015-7673: io-tga (2015-10-26)
OSV: CVE-2015-7673: io-tga (2015-10-26)
OSV: gdk-pixbuf vulnerabilities (2015-10-13)

📋 Vendor Advisories (3)

Ubuntu: GDK-PixBuf vulnerabilities (2015-10-13)
Red Hat: gdk-pixbuf: Heap overflow and DoS vulnerability when scaling a TGA file (2015-10-01)
Debian: CVE-2015-7673: gdk-pixbuf - io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation faile... (2015)

💬 Community (1)

Bugzilla: CVE-2015-7673 gdk-pixbuf: Heap overflow and DoS vulnerability when scaling a TGA file (2015-09-10)