Main Vulnerability Database SB2018041707

SB2018041707 - Gentoo update for GDK-PixBuf

Published: April 17, 2018

Security Bulletin ID SB2018041707

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2017-1000422)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the gif_get_lzw function due to integer overflow. A local attacker can trick the victim into processing a specially crafted image file, trigger memory corruption, cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/glsa/201804-14