CVE-2017-12447 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gdk-pixbuf

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gdk-pixbuf Gnome Nautilus

Timeline

PublishedMar 7

Latest updateMay 14

Description

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debiangnome/gdk-pixbuf< 2.34.0-1+3

▶NVDgnome/nautilus3.14.3

▶NVDgnome/gdk-pixbuf2.32.2

🔴Vulnerability Details

GHSA

GHSA-5737-crgv-prwm: GdkPixBuf (aka gdk-pixbuf), possibly 2↗2022-05-14

▶

CVEList

CVE-2017-12447: GdkPixBuf (aka gdk-pixbuf), possibly 2↗2019-03-07

▶

OSV

CVE-2017-12447: GdkPixBuf (aka gdk-pixbuf), possibly 2↗2019-03-07

▶

📋Vendor Advisories

Ubuntu

GDK-PixBuf vulnerability↗2019-03-20

▶

Red Hat

gdk-pixbuf: heap-based overflow caused by invalid palette size↗2017-08-08

▶

Debian

CVE-2017-12447: gdk-pixbuf - GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on...↗2017

▶

💬Community

Bugzilla

CVE-2017-12447 gdk-pixbuf2: gdk-pixbuf: heap-based overflow caused by invalid palette size [fedora-all]↗2019-03-08

▶

Bugzilla

CVE-2017-12447 gdk-pixbuf: heap-based overflow caused by invalid palette size↗2019-03-08

▶

Bugzilla

CVE-2017-12447 mingw-gdk-pixbuf: gdk-pixbuf: heap-based overflow caused by invalid palette size [fedora-all]↗2019-03-08

▶

Bugzilla

CVE-2017-12447 mingw-gdk-pixbuf: gdk-pixbuf: heap-based overflow caused by invalid palette size [epel-7]↗2019-03-08

▶