CVE-2015-7674
published 2015-10-26

Priority: P434, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 5.80% (92.2th percentile)

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | gdk-pixbuf | < gdk-pixbuf 2.32.1-1 (bookworm) | gdk-pixbuf 2.32.1-1 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 2.32.1-1 (bookworm) | gdk-pixbuf 2.32.1-1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.32.0 | |
| gnome | gdk-pixbuf | >= 0 < 2.32.1-1 | 2.32.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.1-1 | 2.32.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.1-1 | 2.32.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.32.1-1 | 2.32.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.30.7-0ubuntu1.2 | 2.30.7-0ubuntu1.2 |
| opensuse | opensuse | | |

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM
vendor_redhat: 6.8 MEDIUM
vendor_ubuntu: 6.8 MEDIUM