CVE Vulnerabilities

CVE-2015-4491

Published: Aug 16, 2015 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Affected Software

Name Vendor Start Version End Version
Gdk-pixbuf Gnome * 2.31.4 (including)
Firefox Ubuntu devel *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu vivid *
Gdk-pixbuf Ubuntu devel *
Gdk-pixbuf Ubuntu precise *
Gdk-pixbuf Ubuntu trusty *
Gdk-pixbuf Ubuntu upstream *
Gdk-pixbuf Ubuntu vivid *
Gdk-pixbuf Ubuntu vivid/stable-phone-overlay *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu vivid *
Red Hat Enterprise Linux 5 RedHat firefox-0:38.2.0-4.el5_11 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:38.2.0-4.el5_11 *
Red Hat Enterprise Linux 6 RedHat firefox-0:38.2.0-4.el6_7 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:38.2.0-4.el6_7 *
Red Hat Enterprise Linux 6 RedHat gdk-pixbuf2-0:2.24.1-6.el6_7 *
Red Hat Enterprise Linux 7 RedHat firefox-0:38.2.0-4.el7_1 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:38.2.0-1.ael7b_1 *
Red Hat Enterprise Linux 7 RedHat gdk-pixbuf2-0:2.28.2-5.ael7b_1 *

References