Fluid Attacks Database

Description

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 13	gdk-pixbuf	>=0 <2.31.7-1	2.31.7-1
debian 14	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 13	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 11	gdk-pixbuf	>=0 <2.31.7-1	2.31.7-1
debian 11	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 12	gdk-pixbuf	>=0 <2.31.7-1	2.31.7-1
debian 14	gdk-pixbuf	>=0 <2.31.7-1	2.31.7-1
rpm rhel6	firefox	<0:38.2.0-4.el6_7	0:38.2.0-4.el6_7
rpm rhel7	firefox	<0:38.2.0-4.el7_1	0:38.2.0-4.el7_1

1-10 of 16

Aliases

1. CVE-2015-44912. NVD-2015-44913. OSV-DEBIAN-2015-44914. OSV-2015-44915. SECURITY-TRACKER-CVE-2015-4491

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.