Fluid Attacks Database

Description

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gdk-pixbuf	>=0 <2.32.1-1	2.32.1-1
debian 12	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 14	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 11	gdk-pixbuf	>=0 <2.32.1-1	2.32.1-1
debian 14	gdk-pixbuf	>=0 <2.32.1-1	2.32.1-1
debian 11	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
debian 13	gdk-pixbuf	>=0 <2.32.1-1	2.32.1-1
debian 13	gtk+2.0	>=0 <2.21.5-1	2.21.5-1
rpm rhel7	gdk-pixbuf2	-	-
rpm rhel5	gdk-pixbuf	-	-

Aliases

1. CVE-2015-76742. NVD-2015-76743. OSV-DEBIAN-2015-76744. OSV-2015-76745. SECURITY-TRACKER-CVE-2015-7674

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.