Fluid Attacks Database

Description

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 11	gdk-pixbuf	>=0 <2.32.0-1	2.32.0-1
debian 13	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 11	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 13	gdk-pixbuf	>=0 <2.32.0-1	2.32.0-1
debian 14	gdk-pixbuf	>=0 <2.32.0-1	2.32.0-1
debian 12	gdk-pixbuf	>=0 <2.32.0-1	2.32.0-1
debian 14	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
rpm rhel7	gdk-pixbuf2	-	-
rpm rhel5	gdk-pixbuf	-	-

Aliases

1. CVE-2015-76732. NVD-2015-76733. OSV-DEBIAN-2015-76734. OSV-2015-76735. SECURITY-TRACKER-CVE-2015-7673

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.