CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-1000422

HIGH
8.8
CVSS Severity Score
EPSS Score0.1220%
EPSS Percentile19.77th
Published2018年1月2日
Last Modified2024年11月21日

Vulnerability Description

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

Affected Platforms (CPE)

📦
Gnome

Gdk Pixbuf

<= 2.36.8
💻
Debian

Debian Linux

= 7.0
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 17.10

References & Advisories

🔗 https://bugzilla.gnome.org/show_bug.cgi?id=785973
🔗 https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html
🔗 https://security.gentoo.org/glsa/201804-14
🔗 https://usn.ubuntu.com/3532-1/
🔗 https://www.debian.org/security/2018/dsa-4088
🔗 https://bugzilla.gnome.org/show_bug.cgi?id=785973
🔗 https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html
🔗 https://security.gentoo.org/glsa/201804-14

関連する脆弱性情報

CVE-2011-28979.8

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

CVE-2021-446488.8

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image dat...

CVE-2021-202408.8

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a...

CVE-2017-124477.8

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial ...