Integer overflow in Gnome gdk-pixbuf - CVE-2017-1000422
Published: April 26, 2018
Vulnerability identifier: #VU12188
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-1000422
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Gnome Development Team
Affected software:
Gnome gdk-pixbuf
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.
The weakness exists in the gif_get_lzw function due to an integer overflow. A local attacker can trick the victim into processing a specially crafted image file, trigger memory corruption, and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-1000422
Update to version 2.36.11.
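
To check a host against the fixed version, the script below compares a gdk-pixbuf version string with 2.36.11 component by component, since a plain string comparison would rank 2.36.9 above 2.36.11. It is an added example, not part of the original advisory or of the gdk-pixbuf project. The names version_lt and classify are hypothetical, treating every version at or above 2.36.11 as fixed is an assumption, and the pkg-config lookup assumes the gdk-pixbuf-2.0 development files are installed.

```shell
#!/bin/sh
# Added example: compare a gdk-pixbuf version with the fixed release
# named in the advisory. Helper names are hypothetical.
FIXED_VERSION="2.36.11"   # fixed version stated in the advisory

# version_lt A B: succeeds when dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Leading component of each side; a missing component counts as 0.
        ca=${a%%.*}; cb=${b%%.*}
        [ -n "$ca" ] || ca=0
        [ -n "$cb" ] || cb=0
        # Drop the component just read.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$ca" -lt "$cb" ] && return 0
        [ "$ca" -gt "$cb" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# classify VERSION: prints "vulnerable", "fixed" or "unknown".
# Anything that is not a plain dotted number (empty input, distribution
# suffixes such as "-1") is reported as unknown instead of being guessed.
classify() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        # Assumption: releases at or above the fixed version carry the fix.
        echo fixed
    fi
}

# Report on the locally installed library; an empty result means that
# pkg-config or the gdk-pixbuf-2.0 module was not found.
installed=$(pkg-config --modversion gdk-pixbuf-2.0 2>/dev/null || true)
echo "gdk-pixbuf ${installed:-not found}: $(classify "$installed")"
```

The result reflects the upstream version number only; a distribution package that backports the fix may still report an older version, so confirm against the distribution's own security tracker.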