CVE-2016-6352: Out-of-bounds Write in Gdk-pixbuf

Severity: 7.5 HIGH (NVD)
EPSS: 1.6% (top 18.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 3; Latest update May 13

Description

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Debian: gnome/gdk-pixbuf < 2.35.4-1+3
NVD: gnome/gdk-pixbuf 2.35.2
NVD: opensuse/leap 42.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

🔴 Vulnerability Details (3)

GHSA: GHSA-mrq8-qgpv-5qqv: The OneLine32 function in io-ico (2022-05-13)
CVEList: CVE-2016-6352: The OneLine32 function in io-ico (2016-10-03)
OSV: CVE-2016-6352: The OneLine32 function in io-ico (2016-10-03)

📋 Vendor Advisories (3)

Ubuntu: GDK-PixBuf vulnerabilities (2016-09-21)
Red Hat: gdk-pixbuf: Out-of-bounds write in OneLine32() function (2016-07-13)
Debian: CVE-2016-6352: gdk-pixbuf - The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote att... (2016)

💬 Community (1)

Bugzilla: CVE-2016-6352 gdk-pixbuf: Out-of-bounds write in OneLine32() function (2016-06-24)