CVE-2015-4491
gdk-pixbuf - security update
EPSS 3.7%
Description
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
How to fix CVE-2015-4491
To remediate CVE-2015-4491, upgrade the affected package to a fixed version below.
- Debian/gdk-pixbuf—upgrade to 2.31.7-1 or later
- —upgrade to 2.26.1-1+deb7u1 or later
- —upgrade to 2.26.1-1+deb7u3 or later
- —upgrade to 2.21.5-1 or later
- —upgrade to 2.20.1-2+deb6u2 or later
Is CVE-2015-4491 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 2.31.7-1
- from 0, < 2.26.1-1+deb7u1
- from 0, < 2.26.1-1+deb7u3
- from 0, < 2.21.5-1
- from 0, < 2.20.1-2+deb6u2