Vulnerabilities > CVE-2015-7674 - Numeric Errors vulnerability in multiple products

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

nessus

NVD

Published: 2015-10-26

Updated: 2018-10-30

Summary

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.04	3
OS	Opensuse Opensuse Opensuse 13.2	1
Application	Gnome Gnome GDK Pixbuf - Gnome GDK Pixbuf 2.22.1 Gnome GDK Pixbuf 2.23.3 Gnome GDK Pixbuf 2.23.5 Gnome GDK Pixbuf 2.24.0 Gnome GDK Pixbuf 2.26.1 Gnome GDK Pixbuf 2.26.5 Gnome GDK Pixbuf 2.28.1 Gnome GDK Pixbuf 2.30.6 Gnome GDK Pixbuf 2.30.7 Gnome GDK Pixbuf 2.30.8 Gnome GDK Pixbuf 2.31.0 Gnome GDK Pixbuf 2.31.1 Gnome GDK Pixbuf 2.31.4	14

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-669.NASL
description	This update for gdk-pixbuf fixes the following issues : - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791).
last seen	2020-06-05
modified	2016-06-02
plugin id	91438
published	2016-06-02
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/91438
title	openSUSE Security Update : gdk-pixbuf (openSUSE-2016-669)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-669. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(91438); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-7552", "CVE-2015-7673", "CVE-2015-7674"); script_name(english:"openSUSE Security Update : gdk-pixbuf (openSUSE-2016-669)"); script_summary(english:"Check for the openSUSE-2016-669 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gdk-pixbuf fixes the following issues : - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=948790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=948791" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958963" ); script_set_attribute( attribute:"solution", value:"Update the affected gdk-pixbuf packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-devel-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdk-pixbuf-query-loaders-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgdk_pixbuf-2_0-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-GdkPixbuf-2_0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-debugsource-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-devel-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-devel-debuginfo-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-lang-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-query-loaders-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"gdk-pixbuf-query-loaders-debuginfo-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libgdk_pixbuf-2_0-0-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libgdk_pixbuf-2_0-0-debuginfo-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"typelib-1_0-GdkPixbuf-2_0-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"gdk-pixbuf-devel-32bit-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"gdk-pixbuf-devel-debuginfo-32bit-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"gdk-pixbuf-query-loaders-32bit-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"gdk-pixbuf-query-loaders-debuginfo-32bit-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libgdk_pixbuf-2_0-0-32bit-2.31.6-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libgdk_pixbuf-2_0-0-debuginfo-32bit-2.31.6-4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdk-pixbuf-debugsource / gdk-pixbuf-devel / gdk-pixbuf-devel-32bit / etc"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-434.NASL
description	Gustavo Grieco discovered different security issues in Gtk+2.0
last seen	2020-03-17
modified	2016-02-29
plugin id	88995
published	2016-02-29
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88995
title	Debian DLA-434-1 : gtk+2.0 security update

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1787-1.NASL
description	gtk2 was updated to fix two security issues. These security issues were fixed : - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	86536
published	2015-10-22
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86536
title	SUSE SLED11 / SLES11 Security Update : gtk2 (SUSE-SU-2015:1787-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-405.NASL
description	This update for gdk-pixbuf fixes the following issues : - CVE-2015-7552: Fixed various overflows in image handling (boo#958963). - CVE-2015-7673: Fixed an overflow and DoS with a TGA file (boo#948790). - CVE-2015-7674: Fixed overflow when scaling a gif (boo#948791).
last seen	2020-06-05
modified	2016-03-29
plugin id	90253
published	2016-03-29
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90253
title	openSUSE Security Update : gdk-pixbuf (openSUSE-2016-405)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2195-1.NASL
description	The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87215
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87215
title	SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3378.NASL
description	Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened. - CVE-2015-7674 Gustavo Grieco discovered an integer overflow flaw in the processing of GIF images which may result in the execution of arbitrary code or denial of service (process crash) if a malformed image is opened.
last seen	2020-06-01
modified	2020-06-02
plugin id	86581
published	2015-10-26
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86581
title	Debian DSA-3378-1 : gdk-pixbuf - security update

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2767-1.NASL
description	Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7673) Gustavo Grieco discovered that the GDK-PixBuf library contained an integer overflow when handling certain GIF images. If a user or automated system were tricked into opening a GIF image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7674). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	86379
published	2015-10-14
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86379
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gdk-pixbuf vulnerabilities (USN-2767-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-450.NASL
description	A heap-based buffer overflow has been discovered in gdk-pixbuf, a library for image loading and saving facilities, fast scaling and compositing of pixbufs, that allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. This update also fixes an incomplete patch for CVE-2015-7674. CVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. CVE-2015-7674 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. For Debian 7
last seen	2020-03-17
modified	2016-05-02
plugin id	90807
published	2016-05-02
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90807
title	Debian DLA-450-1 : gdk-pixbuf security update

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2195-2.NASL
description	The gdk pixbuf library was updated to fix three security issues. These security issues were fixed : - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files(bsc#948791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87646
published	2015-12-29
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87646
title	SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2015:2195-2)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_9272A5B06B4011E5BD7FBCAEC565249C.NASL
description	reports : We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file.
last seen	2020-06-01
modified	2020-06-02
plugin id	86278
published	2015-10-06
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86278
title	FreeBSD : gdk-pixbuf2 -- head overflow and DoS (9272a5b0-6b40-11e5-bd7f-bcaec565249c)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201512-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-201512-05 (gdk-pixbuf: Multiple Vulnerabilities) Three heap-based buffer overflow vulnerabilities have been discovered in gdk-pixbuf. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file with an application linked against gdk-pixbuf, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	87546
published	2015-12-22
reporter	This script is Copyright (C) 2015 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87546
title	GLSA-201512-05 : gdk-pixbuf: Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References