CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
90.2%
Package : gtk+2.0
Version : 2.20.1-2+deb6u2
CVE ID : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674
Gustavo Grieco discovered different security issues in Gtk+2.0's
gdk-pixbuf.
CVE-2015-4491
Heap overflow when processing BMP images which may allow to execute
of arbitrary code via malformed images.
CVE-2015-7673
Heap overflow when processing TGA images which may allow execute
arbitrary code or denial of service (process crash) via malformed
images.
CVE-2015-7674
Integer overflow when processing GIF images which may allow to
execute arbitrary code or denial of service (process crash) via
malformed image.
For Debian 6 "Squeeze", these issues have been fixed in gtk+2.0 version
2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0 packages.
Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: Digital signature