Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-4491

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Published

2015-08-16T01:59:19.143

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	gdk-pixbuf	≤ 2.31.4	Yes
Application	google	chrome	-	No
Application	mozilla	firefox	≤ 39.0.3	No
Application	mozilla	firefox	38.0	No
Application	mozilla	firefox	38.0.1	No
Application	mozilla	firefox	38.0.5	No
Application	mozilla	firefox	38.1.0	No
Operating System	linux	linux_kernel	*	No
Operating System	oracle	solaris	10	Yes
Operating System	oracle	solaris	11.3	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	15.04	Yes
Operating System	fedoraproject	fedora	21	Yes
Operating System	fedoraproject	fedora	22	Yes
Operating System	opensuse	opensuse	13.1	Yes
Operating System	opensuse	opensuse	13.2	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1586.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1682.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1694.html ([email protected])
http://www.debian.org/security/2015/dsa-3337 ([email protected])
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory ([email protected])
http://www.securitytracker.com/id/1033247 ([email protected])
http://www.securitytracker.com/id/1033372 ([email protected])
http://www.ubuntu.com/usn/USN-2702-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-2702-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-2702-3 ([email protected])
http://www.ubuntu.com/usn/USN-2712-1 ([email protected])
http://www.ubuntu.com/usn/USN-2722-1 ([email protected])
https://bugzilla.gnome.org/show_bug.cgi?id=752297 Issue Tracking ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 Issue Tracking ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1252290 Issue Tracking ([email protected])
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 ([email protected])
https://security.gentoo.org/glsa/201512-05 ([email protected])
https://security.gentoo.org/glsa/201605-06 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1586.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1682.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1694.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3337 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033247 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033372 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2702-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2702-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2702-3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2712-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2722-1 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=752297 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1252290 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201512-05 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201605-06 (af854a3a-2127-422b-91ae-364da2661108)