CVE-2015-4491: Buffer Overflow
First published: Tue Aug 11 2015(Updated: )
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| GdkPixbuf | <=2.31.4 | |
| Any of | ||
| Google Chrome | ||
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox | =38.0 | |
| Mozilla Firefox | =38.0.1 | |
| Mozilla Firefox | =38.0.5 | |
| Mozilla Firefox | =38.1.0 | |
| Linux kernel | ||
| Oracle Solaris SPARC | =10 | |
| Oracle Solaris SPARC | =11.3 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Fedora | =21 | |
| Fedora | =22 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| GdkPixbuf | <=2.31.4 | |
| Google Chrome | ||
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox ESR | =38.0 | |
| Mozilla Firefox ESR | =38.0.1 | |
| Mozilla Firefox ESR | =38.0.5 | |
| Mozilla Firefox ESR | =38.1.0 | |
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.mozilla.org/security/announce/2015/mfsa2015-88.html
- https://rhn.redhat.com/errata/RHSA-2015-1586.html
- https://bugzilla.gnome.org/show_bug.cgi?id=752297
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1253206
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1242449
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1252290
- https://bodhi.fedoraproject.org/updates/FEDORA-2015-13925
- https://bodhi.fedoraproject.org/updates/FEDORA-2015-13926
- https://rhn.redhat.com/errata/RHSA-2015-1682.html
- https://rhn.redhat.com/errata/RHSA-2015-1694.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1252290
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2015-1586.html
- http://rhn.redhat.com/errata/RHSA-2015-1682.html
- http://rhn.redhat.com/errata/RHSA-2015-1694.html
- http://www.debian.org/security/2015/dsa-3337
- http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securitytracker.com/id/1033247
- http://www.securitytracker.com/id/1033372
- http://www.ubuntu.com/usn/USN-2702-1
- http://www.ubuntu.com/usn/USN-2702-2
- http://www.ubuntu.com/usn/USN-2702-3
- http://www.ubuntu.com/usn/USN-2712-1
- http://www.ubuntu.com/usn/USN-2722-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
- https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
- https://security.gentoo.org/glsa/201512-05
- https://security.gentoo.org/glsa/201605-06
Frequently Asked Questions
What is the severity of CVE-2015-4491?
CVE-2015-4491 has a high severity level due to its potential to allow remote code execution.
How do I fix CVE-2015-4491?
To fix CVE-2015-4491, upgrade gdk-pixbuf to version 2.31.5 or later.
Which software is affected by CVE-2015-4491?
CVE-2015-4491 affects gdk-pixbuf versions before 2.31.5, as well as specific versions of Mozilla Firefox and some Linux distributions.
Can I still use older versions of Firefox with CVE-2015-4491?
Using older versions of Firefox impacted by CVE-2015-4491 poses a security risk and is not recommended.
Is CVE-2015-4491 related to any specific operating systems?
CVE-2015-4491 specifically affects certain versions of Oracle Solaris, Ubuntu, Fedora, and openSUSE.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-4491
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gnome
- canonical/gdkpixbuf
- version/gdkpixbuf/2.31.4
- vendor/google
- canonical/google chrome
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/39.0.3
- version/mozilla firefox/38.0
- version/mozilla firefox/38.0.1
- version/mozilla firefox/38.0.5
- version/mozilla firefox/38.1.0
- vendor/linux
- canonical/linux kernel
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/10
- version/oracle solaris sparc/11.3
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- vendor/fedoraproject
- canonical/fedora
- version/fedora/21
- version/fedora/22
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- canonical/mozilla firefox esr
- version/mozilla firefox esr/38.0
- version/mozilla firefox esr/38.0.1
- version/mozilla firefox esr/38.0.5
- version/mozilla firefox esr/38.1.0