[3.5] gdk-pixbuf: Multiple vulnerabilities (CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314)
CVE-2017-6311: NULL dereference on gdk-pixbuf thumbnailer
References:
https://bugzilla.gnome.org/show_bug.cgi?id=778204
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6312: Out-of-bounds read in io-ico.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779012
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6313: Integer underflow in io-icns.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779016
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6314: Infinite loop in io-tiff.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779020
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
(from redmine: issue id 6955, created on 2017-03-03, closed on 2017-06-29)
- Relations:
  - parent #6953 (closed)
- Changesets:
  - Revision 249b5942 on 2017-06-16T08:35:25Z:
main/gdk-pixbuf: security fixes (CVE-2017-6311, CVE-2017-6312, CVE-2017-6314)
Partially fixes #6955
CVE-2017-6313: fix N/A, https://bugzilla.gnome.org/show_bug.cgi?id=779016