cbcvebase.
CVE-2017-2870
published 2017-09-05

CVE-2017-2870: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted…

PriorityP339high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
2.61%
83.5th percentile
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

Affected

10 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiangdk-pixbuf< gdk-pixbuf 2.36.10-1 (bookworm)gdk-pixbuf 2.36.10-1 (bookworm)
gnomegdk-pixbuf
gnomegdk-pixbuf
gnomegdk-pixbuf>= 0 < 2.36.10-12.36.10-1
gnomegdk-pixbuf>= 0 < 2.36.10-12.36.10-1
gnomegdk-pixbuf>= 0 < 2.36.10-12.36.10-1
gnomegdk-pixbuf>= 0 < 2.36.10-12.36.10-1
gnomegdk-pixbuf>= 0 < 2.30.7-0ubuntu1.72.30.7-0ubuntu1.7
gnomegdk-pixbuf>= 0 < 2.32.2-1ubuntu1.32.32.2-1ubuntu1.3

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.