CVE-2015-4491: Buffer Overflow
First published: Tue Aug 11 2015(Updated: )
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME gdk-pixbuf | <=2.31.4 | |
| Google Chrome | ||
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox ESR | =38.0 | |
| Mozilla Firefox ESR | =38.0.1 | |
| Mozilla Firefox ESR | =38.0.5 | |
| Mozilla Firefox ESR | =38.1.0 | |
| Linux Linux kernel | ||
| Oracle Solaris | =10 | |
| Oracle Solaris | =11.3 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.04 | |
| Fedoraproject Fedora | =21 | |
| Fedoraproject Fedora | =22 | |
| openSUSE openSUSE | =13.1 | |
| openSUSE openSUSE | =13.2 | |
| All of | ||
| GNOME gdk-pixbuf | <=2.31.4 | |
| Any of | ||
| Google Chrome | ||
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox | =38.0 | |
| Mozilla Firefox | =38.0.1 | |
| Mozilla Firefox | =38.0.5 | |
| Mozilla Firefox | =38.1.0 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.mozilla.org/security/announce/2015/mfsa2015-88.html
- https://rhn.redhat.com/errata/RHSA-2015-1586.html
- https://bugzilla.gnome.org/show_bug.cgi?id=752297
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1253206
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1242449
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1252290
- https://bodhi.fedoraproject.org/updates/FEDORA-2015-13925
- https://bodhi.fedoraproject.org/updates/FEDORA-2015-13926
- https://rhn.redhat.com/errata/RHSA-2015-1682.html
- https://rhn.redhat.com/errata/RHSA-2015-1694.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1252290
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2015-1586.html
- http://rhn.redhat.com/errata/RHSA-2015-1682.html
- http://rhn.redhat.com/errata/RHSA-2015-1694.html
- http://www.debian.org/security/2015/dsa-3337
- http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securitytracker.com/id/1033247
- http://www.securitytracker.com/id/1033372
- http://www.ubuntu.com/usn/USN-2702-1
- http://www.ubuntu.com/usn/USN-2702-2
- http://www.ubuntu.com/usn/USN-2702-3
- http://www.ubuntu.com/usn/USN-2712-1
- http://www.ubuntu.com/usn/USN-2722-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
- https://security.gentoo.org/glsa/201512-05
- https://security.gentoo.org/glsa/201605-06
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-4491
- agent/last-modified-date
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/gnome
- canonical/gnome gdk-pixbuf
- version/gnome gdk-pixbuf/2.31.4
- vendor/google
- canonical/google chrome
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/39.0.3
- canonical/mozilla firefox esr
- version/mozilla firefox esr/38.0
- version/mozilla firefox esr/38.0.1
- version/mozilla firefox esr/38.0.5
- version/mozilla firefox esr/38.1.0
- vendor/linux
- canonical/linux linux kernel
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/10
- version/oracle solaris/11.3
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.04
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/21
- version/fedoraproject fedora/22
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- version/opensuse opensuse/13.2
- version/mozilla firefox/38.0
- version/mozilla firefox/38.0.1
- version/mozilla firefox/38.0.5
- version/mozilla firefox/38.1.0