CVE-2015-4491
Description
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.296
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for SeaMonkey (2.35) | Windows |
| Update for Mozilla Firefox (40.0) | Windows |
| Update for Mozilla Firefox (40.0.2) | Windows |
| Update for Mozilla Firefox (40.0.3) | Windows |
| Update for Mozilla Firefox ESR (38.2.1) | Windows |
| Update for Mozilla Thunderbird (38.2.0) | Windows |
| GDK Pixbuf library (USN-2722-1) libgdk-pixbuf2.0-0_2.31.3-1ubuntu0.2_i386.deb | Linux |
| GDK Pixbuf library (USN-2722-1) libgdk-pixbuf2.0-0_2.31.3-1ubuntu0.2_amd64.deb | Linux |
| Gdk-pixbuf2 security update (CESA-2015:1694) gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm | Linux |
| Gdk-pixbuf2 security update (CESA-2015:1694) gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm | Linux |
| Gdk-pixbuf2 security update (CESA-2015:1694) gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm | Linux |
| Gdk-pixbuf2 security update (CESA-2015:1694) gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-2.24.1-6.el6_7.i686.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-2.24.1-6.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-2.28.2-5.el7_1.i686.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-2.28.2-5.el7_1.x86_64.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-devel-2.24.1-6.el6_7.i686.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-devel-2.24.1-6.el6_7.x86_64.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-devel-2.28.2-5.el7_1.i686.rpm | Linux |
| (RHSA-2015:1694) Moderate: gdk-pixbuf2 security update gdk-pixbuf2-devel-2.28.2-5.el7_1.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-debugsource-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-lang-2.34.0-19.14.2.noarch.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-query-loaders-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-query-loaders-32bit-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgdk_pixbuf-2_0-0-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgdk_pixbuf-2_0-0-32bit-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2018:2145-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-GdkPixbuf-2_0-2.34.0-19.14.2.x86_64.rpm | Linux |
| SUSE-SU-2015:1787-1(SUSE Linux Enterprise Desktop 11-SP3 ) gtk2-2.18.9-0.35.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1787-1(SUSE Linux Enterprise Desktop 11-SP3 ) gtk2-32bit-2.18.9-0.35.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1787-1(SUSE Linux Enterprise Server 11-SP3 ) gtk2-doc-2.18.9-0.35.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1787-1(SUSE Linux Enterprise Desktop 11-SP3 ) gtk2-lang-2.18.9-0.35.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-301494 | Update for SeaMonkey (2.35) |
| PATCH-302181 | Update for Mozilla Firefox (40.0) |
| PATCH-302182 | Update for Mozilla Firefox (40.0.2) |
| PATCH-302183 | Update for Mozilla Firefox (40.0.3) |
| PATCH-302284 | Update for Mozilla Firefox ESR (38.2.1) |
| PATCH-302489 | Update for Mozilla Thunderbird (38.2.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234