CVE-2016-6352
published 2016-10-03

Priority P337, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.85% (88.8th percentile)

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | gdk-pixbuf | < gdk-pixbuf 2.35.4-1 (bookworm) | gdk-pixbuf 2.35.4-1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.35.2 | |
| gnome | gdk-pixbuf | >= 0 < 2.35.4-1 | 2.35.4-1 |
| gnome | gdk-pixbuf | >= 0 < 2.35.4-1 | 2.35.4-1 |
| gnome | gdk-pixbuf | >= 0 < 2.35.4-1 | 2.35.4-1 |
| gnome | gdk-pixbuf | >= 0 < 2.35.4-1 | 2.35.4-1 |
| gnome | gdk-pixbuf | >= 0 < 2.30.7-0ubuntu1.6 | 2.30.7-0ubuntu1.6 |
| gnome | gdk-pixbuf | >= 0 < 2.32.2-1ubuntu1.2 | 2.32.2-1ubuntu1.2 |
| opensuse | leap | | |
| opensuse | opensuse | | |

CVSS provenance

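| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |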