Ubuntu.comUB:CVE-2015-4491CVE-2015-4491
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
85.8%
Integer overflow in the make_filter_table function in pixops/pixops.c in
gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and
Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other
products, allows remote attackers to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | initial gdk-pixbuf fix was incomplete |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | firefox | < 40.0+build4-0ubuntu0.12.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | firefox | < 40.0+build4-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | firefox | < 40.0+build4-0ubuntu0.15.04.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | gdk-pixbuf | < 2.26.1-1ubuntu1.2 | UNKNOWN |
| ubuntu | 14.04 | noarch | gdk-pixbuf | < 2.30.7-0ubuntu1.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | gdk-pixbuf | < 2.31.3-1ubuntu0.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.12.04.2 | UNKNOWN |
| ubuntu | 14.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | thunderbird | < 1:38.2.0+build1-0ubuntu0.15.04.1 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2015-4491
nvd.nist.gov/vuln/detail/CVE-2015-4491
security-tracker.debian.org/tracker/CVE-2015-4491
ubuntu.com/security/notices/USN-2702-1
ubuntu.com/security/notices/USN-2712-1
ubuntu.com/security/notices/USN-2722-1
www.cve.org/CVERecord?id=CVE-2015-4491
www.mozilla.org/en-US/security/advisories/mfsa2015-88/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
85.8%