Security Advisory

USN-2722-1 GDK-PixBuf Vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1

Description

It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry Runtime: all versions of cf-release prior to 214 are vulnerable to the aforementioned CVEs.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments using cf-release 214 or lower upgrade to 215 or higher to resolve the aforementioned CVEs.

Credit

Gustavo Grieco


Cloud Foundry Foundation Security Team, AUTHOR
