Severity
Medium
Vendor
GDK Pixbuf
Versions Affected
- Ubuntu 14.04
Description
Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling TGA image files, leading to a heap overflow. If a user or automated system were tricked into opening a TGA image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7673)
Gustavo Grieco discovered that the GDK-PixBuf library contained an integer overflow when handling certain GIF images. If a user or automated system were tricked into opening a GIF image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7674)
The Cloud Foundry project released a cflinuxfs2 rootfs stack that has the patched version of OpenSSH.
Affected Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.11.0 include versions of the library affected by USN-2767-1.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments run cflinuxfs2 version 1.11.0 or later.
Credit
Gustavo Grieco