SB2017061609 - Infinite loop in atkmm (Alpine package)
Published: June 16, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2017-6314)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c6ae18e7608278ccc34da1513db7bb718258add3
- https://git.alpinelinux.org/aports/commit/?id=e789927826b09e9833b6d752a0199780845107f9
- https://git.alpinelinux.org/aports/commit/?id=6a6c4ec15fc9ecf1d8bfe0d963f273b02740a251
- https://git.alpinelinux.org/aports/commit/?id=34beb0c38596e2e22c2004c89a5e119f7fd90b8d
- https://git.alpinelinux.org/aports/commit/?id=4abc00725b8070f30c7814bf02e0e9f4ebfe0f62
- https://git.alpinelinux.org/aports/commit/?id=249b5942e644803e9281d0fa78bf9c2f3edd6897
- https://git.alpinelinux.org/aports/commit/?id=26a3b95946a05fe95c71daa086edbaad40c866ba
- https://git.alpinelinux.org/aports/commit/?id=3fcc32c9ff95c730f11a5370f3db849a273fb08a
- https://git.alpinelinux.org/aports/commit/?id=d956004900d9326ce7cb43af37f2a79907f8f994
- https://git.alpinelinux.org/aports/commit/?id=e316d123f313509137f4eb26ae3ba6b2266a9e93