Fluid Attacks Database

Description

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gdk-pixbuf	>=0 <2.36.10-1	2.36.10-1
debian 12	gdk-pixbuf	>=0 <2.36.10-1	2.36.10-1
alpine v3.3	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| >=0 <2.32.0-r2	2.32.0-r2
alpine v3.5	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.7-r0	2.36.7-r0
alpine v3.6	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| >=0 <2.36.7-r0	2.36.7-r0
rpm rhel7	gnome-getting-started-docs	<0:3.28.2-1.el7	0:3.28.2-1.el7
debian 13	gdk-pixbuf	>=0 <2.36.10-1	2.36.10-1
debian 14	gdk-pixbuf	>=0 <2.36.10-1	2.36.10-1
rpm rhel7	gnome-initial-setup	<0:3.28.0-1.el7	0:3.28.0-1.el7
rpm rhel7	libgdata	<0:0.17.9-1.el7	0:0.17.9-1.el7

1-10 of 155

Aliases

1. CVE-2017-28622. NVD-2017-28623. OSV-DEBIAN-2017-28624. OSV-2017-28625. OSV-ALPINE-2017-28626. SECURITY-TRACKER-CVE-2017-28627. SECURITY-CVE-2017-2862

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.