CVE-2015-7674
gdk-pixbuf - security update
EPSS 0.98%
Description
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
How to fix CVE-2015-7674
To remediate CVE-2015-7674, upgrade the affected package to one of the fixed versions listed below.
- Debian/gdk-pixbuf—upgrade to 2.32.1-1 or later
- Debian/gdk-pixbuf—upgrade to 2.26.1-1+deb7u4 or later
- —upgrade to 2.21.5-1 or later
Is CVE-2015-7674 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.32.1-1
- from 0, < 2.26.1-1+deb7u4
- from 0, < 2.21.5-1