Lucene search

[email protected]NVD:CVE-2017-12447

HistoryMar 07, 2019 - 11:29 p.m.

CVE-2017-12447

2019-03-0723:29:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

58.7%

JSON

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

Affected configurations

Nvd

Node

gnomegdk-pixbufMatch2.32.2

gnomenautilusMatch3.14.3

AND

canonicalubuntu_linuxMatch16.04

VendorProductVersionCPE
gnomegdk-pixbuf2.32.2cpe:2.3:a:gnome:gdk-pixbuf:2.32.2:*:*:*:*:*:*:*
gnomenautilus3.14.3cpe:2.3:a:gnome:nautilus:3.14.3:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	gdk-pixbuf	2.32.2	cpe:2.3:a:gnome:gdk-pixbuf:2.32.2:::::::*
gnome	nautilus	3.14.3	cpe:2.3:a:gnome:nautilus:3.14.3:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*