MGASA-2018-0016

Description

Updated gdk-pixbuf2.0 packages fix security vulnerability JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (CVE-2017-2862). tiff_image_parse Code Execution Vulnerability (CVE-2017-2870). Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If an user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service (CVE-2017-6311). Out-of-bounds read on io-ico.c (CVE-2017-6312). A dangerous integer underflow in io-icns.c (CVE-2017-6313). Infinite loop in io-tiff.c (CVE-2017-6314). Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only affected Mageia 5.

Affected Systems

• mageia•gdk-pixbuf2.0

  < 2.32.3-1.1.mga5

• mageia•gdk-pixbuf2.0

  < 2.36.10-1.1.mga6

References (4)

• https://advisories.mageia.org/MGASA-2018-0016.html
• https://bugs.mageia.org/show_bug.cgi?id=21680
• https://usn.ubuntu.com/usn/usn-3418-1/
• https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html