CVE-2015-7673
published 2015-10-26

Priority: P336 | medium | 6.8 | CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 5.45% (91.7th percentile)

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Affected

9 ranges
Vendor | Product | Version range | Fixed in
debian | gdk-pixbuf | < gdk-pixbuf 2.32.0-1 (bookworm) | gdk-pixbuf 2.32.0-1 (bookworm)
debian | gtk+2.0 | < gdk-pixbuf 2.32.0-1 (bookworm) | gdk-pixbuf 2.32.0-1 (bookworm)
gnome | gdk-pixbuf | <= 2.31.4 |
gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1
gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1
gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1
gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1
gnome | gdk-pixbuf | >= 0 < 2.30.7-0ubuntu1.2 | 2.30.7-0ubuntu1.2
opensuse | opensuse | |

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 6.8 | MEDIUM
vendor_debian | 6.8 | MEDIUM
vendor_redhat | 6.8 | MEDIUM
vendor_ubuntu | 6.8 | MEDIUM