CVE-2017-2870 — Integer Overflow or Wraparound in Gdk-pixbuf

CWE-190 — Integer Overflow or Wraparound11 documents9 sources

Severity

7.8HIGHNVD

EPSS

3.1%

top 13.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gdk-pixbuf Debian Linux

Timeline

PublishedSep 5

Latest updateMay 13

Description

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debiangnome/gdk-pixbuf< 2.36.10-1+3

▶CVEListV5gnome/gdk-pixbuf2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6

▶NVDgnome/gdk-pixbuf2.36.6

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-8frw-r4fr-c96p: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2↗2022-05-13

▶

OSV

gdk-pixbuf vulnerabilities↗2017-09-18

▶

OSV

CVE-2017-2870: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2↗2017-09-05

▶

CVEList

CVE-2017-2870: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2↗2017-09-05

▶

📋Vendor Advisories

Ubuntu

GDK-PixBuf vulnerabilities↗2017-09-18

▶

Debian

CVE-2017-2870: gdk-pixbuf - An exploitable integer overflow vulnerability exists in the tiff_image_parse fun...↗2017

▶

Red Hat

gdk-pixbuf2: Integer overflow in tiff_image_parse function↗2016-09-07

▶

💬Community

Bugzilla

CVE-2017-2870 gdk-pixbuf2: Integer overflow in tiff_image_parse function↗2017-08-30

▶