CVE-2015-7673
Published: 2015-10-26
Priority P3 · 36 · medium · 6.8 (CVSS 2.0) · AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 5.45% (91.7th percentile)
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.32.0-1 (bookworm) | gdk-pixbuf 2.32.0-1 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 2.32.0-1 (bookworm) | gdk-pixbuf 2.32.0-1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.31.4 | — |
| gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | gdk-pixbuf | >= 0 < 2.30.7-0ubuntu1.2 | 2.30.7-0ubuntu1.2 |
| opensuse | opensuse | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
vendor_redhat · 6.8 MEDIUM
vendor_ubuntu · 6.8 MEDIUM
GHSA
GHSA-92p7-v927-945m: io-tga
ghsa_unreviewed·2022-05-14
CVE-2015-7673 [MEDIUM] CWE-119 GHSA-92p7-v927-945m: io-tga
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
OSV
CVE-2015-7673: io-tga
osv·2015-10-26·CVSS 6.8
CVE-2015-7673 [MEDIUM] CVE-2015-7673: io-tga
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
OSV
gdk-pixbuf vulnerabilities
osv·2015-10-13·CVSS 6.8
CVE-2015-7673 [MEDIUM] gdk-pixbuf vulnerabilities
gdk-pixbuf vulnerabilities
Gustavo Grieco discovered that the GDK-PixBuf library did not properly
handle scaling tga image files, leading to a heap overflow. If a
user or automated system were tricked into opening a tga image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7673)
Gustavo Grieco discovered that the GDK-PixBuf library contained
an integer overflow when handling certain GIF images. If a user
or automated system were tricked into opening a GIF image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7674)
Ubuntu
GDK-PixBuf vulnerabilities
vendor_ubuntu·2015-10-13·CVSS 6.8
CVE-2015-7673 [MEDIUM] GDK-PixBuf vulnerabilities
Title: GDK-PixBuf vulnerabilities
Summary: GDK-PixBuf could be made to crash or run programs as your login if it
opened a specially crafted file.
Gustavo Grieco discovered that the GDK-PixBuf library did not properly
handle scaling tga image files, leading to a heap overflow. If a
user or automated system were tricked into opening a tga image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7673)
Gustavo Grieco discovered that the GDK-PixBuf library contained
an integer overflow when handling certain GIF images. If a user
or automated system were tricked into opening a GIF image file,
a remote attacker could use this flaw to cause GDK-PixBuf to crash,
resulting in a denial of service
Red Hat
gdk-pixbuf: Heap overflow and DoS vulnerability when scaling a TGA file
vendor_redhat·2015-10-01·CVSS 6.8
CVE-2015-7673 [MEDIUM] CWE-122 gdk-pixbuf: Heap overflow and DoS vulnerability when scaling a TGA file
gdk-pixbuf: Heap overflow and DoS vulnerability when scaling a TGA file
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Package: gdk-pixbuf (Red Hat Enterprise Linux 5) - Will not fix
Package: gdk-pixbuf2 (Red Hat Enterprise Linux 6) - Not affected
Package: gdk-pixbuf2 (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2015-7673: gdk-pixbuf - io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation faile...
vendor_debian·2015·CVSS 6.8
CVE-2015-7673 [MEDIUM] CVE-2015-7673: gdk-pixbuf - io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation faile...
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Scope: local
bookworm: resolved (fixed in 2.32.0-1)
bullseye: resolved (fixed in 2.32.0-1)
forky: resolved (fixed in 2.32.0-1)
sid: resolved (fixed in 2.32.0-1)
trixie: resolved (fixed in 2.32.0-1)
No detection rules found.
No public exploits indexed.
http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.0.news
http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html
http://www.debian.org/security/2015/dsa-3378
http://www.openwall.com/lists/oss-security/2015/10/01/3
http://www.openwall.com/lists/oss-security/2015/10/02/9
http://www.securityfocus.com/bid/76953
http://www.ubuntu.com/usn/USN-2767-1
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
https://security.gentoo.org/glsa/201512-05
Published: 2015-10-26