Main Vulnerability Database SB2018072022

SB2018072022 - OpenSUSE Linux update for gdk-pixbuf

Published: July 20, 2018 Updated: July 24, 2018

Security Bulletin ID SB2018072022

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2017-1000422)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the gif_get_lzw function due to integer overflow. A local attacker can trick the victim into processing a specially crafted image file, trigger memory corruption, cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00025.html