[3.2] gdk-pixbuf: Multiple vulnerabilities (CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314)
CVE-2017-6311: NULL dereference on gdk-pixbuf thumbnailer
References:
https://bugzilla.gnome.org/show_bug.cgi?id=778204
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6312: Out-of-bounds read in io-ico.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779012
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6313: Integer underflow in io-icns.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779016
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6314: Infinite loop in io-tiff.c
References:
https://bugzilla.gnome.org/show_bug.cgi?id=779020
http://seclists.org/oss-sec/2017/q1/466
http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
(from redmine: issue id 6958, created on 2017-03-03, closed on 2017-06-29)
- Relations:
  - parent #6953 (closed)
- Changesets:
  - Revision 3fcc32c9 on 2017-06-16T08:57:04Z:
main/gdk-pixbuf: security fix (CVE-2017-6314)
Partially fixes #6958
CVE-2017-6311-2: patches don't apply
CVE-2017-6313: fix N/A, https://bugzilla.gnome.org/show_bug.cgi?id=779016