Detections
Analytics
Debian DSA-3378-1 : gdk-pixbuf - security update
medium Nessus Plugin ID 86581
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened.
- CVE-2015-7674 Gustavo Grieco discovered an integer overflow flaw in the processing of GIF images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened.
Solution
Upgrade the gdk-pixbuf packages.For the oldstable distribution (wheezy), these problems have been fixed in version 2.26.1-1+deb7u2.
For the stable distribution (jessie), these problems have been fixed in version 2.31.1-2+deb8u3.
See Also
https://security-tracker.debian.org/tracker/CVE-2015-7673
https://security-tracker.debian.org/tracker/CVE-2015-7674
https://packages.debian.org/source/wheezy/gdk-pixbuf
Plugin Details
Severity: Medium
ID: 86581
File Name: debian_DSA-3378.nasl
Version: 2.5
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 10/26/2015
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:gdk-pixbuf, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:7.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 10/24/2015
Reference Information
CVE: CVE-2015-7673, CVE-2015-7674
DSA: 3378