CVE-2017-2862 — Out-of-bounds Write in Gdk-pixbuf
Severity
7.8HIGHNVD
EPSS
5.7%
top 9.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 5
Latest updateMay 13
Description
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5gnome/gdk-pixbuf2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2
Also affects: Debian Linux 8.0
🔴Vulnerability Details
4GHSA▶
GHSA-cmxv-cq8h-57g4: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2↗2022-05-13
CVEList▶
CVE-2017-2862: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2↗2017-09-05
OSV▶
CVE-2017-2862: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2↗2017-09-05
📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2017-2862 gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function↗2017-09-06