Vulnerabilities > CVE-2017-1000422 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3532-1.NASL description It was discoreved that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106074 published 2018-01-16 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106074 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : gdk-pixbuf vulnerabilities (USN-3532-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3532-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(106074); script_version("3.7"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2017-1000422", "CVE-2017-6312", "CVE-2017-6313", "CVE-2017-6314"); script_xref(name:"USN", value:"3532-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : gdk-pixbuf vulnerabilities (USN-3532-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discoreved that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3532-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libgdk-pixbuf2.0-0 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2.0-0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/10"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.30.7-0ubuntu1.8")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.32.2-1ubuntu1.4")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.36.11-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgdk-pixbuf2.0-0"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4088.NASL description It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened. last seen 2020-06-01 modified 2020-06-02 plugin id 106056 published 2018-01-16 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106056 title Debian DSA-4088-1 : gdk-pixbuf - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4088. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(106056); script_version("3.5"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2017-1000422"); script_xref(name:"DSA", value:"4088"); script_name(english:"Debian DSA-4088-1 : gdk-pixbuf - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-6312" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-6313" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-6314" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gdk-pixbuf" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/gdk-pixbuf" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/gdk-pixbuf" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4088" ); script_set_attribute( attribute:"solution", value: "Upgrade the gdk-pixbuf packages. For the oldstable distribution (jessie), this problem has been fixed in version 2.31.1-2+deb8u7. For the stable distribution (stretch), this problem has been fixed in version 2.36.5-2+deb9u2. In addition this update provides fixes for CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdk-pixbuf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"gir1.2-gdkpixbuf-2.0", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-0", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-0-dbg", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-common", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-dev", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-doc", reference:"2.31.1-2+deb8u7")) flag++; if (deb_check(release:"9.0", prefix:"gir1.2-gdkpixbuf-2.0", reference:"2.36.5-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-0", reference:"2.36.5-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-0-udeb", reference:"2.36.5-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-common", reference:"2.36.5-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-dev", reference:"2.36.5-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-doc", reference:"2.36.5-2+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1950-1.NASL description This update for gdk-pixbuf fixes the following security issue : - CVE-2017-1000422: Prevent several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111102 published 2018-07-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111102 title SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2018:1950-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1438.NASL description According to the versions of the gdk-pixbuf2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application.(CVE-2015-4491) - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution(CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124941 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124941 title EulerOS Virtualization 3.0.1.0 : gdk-pixbuf2 (EulerOS-SA-2019-1438) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1045.NASL description According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.Security Fix(es):An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.(CVE-2017-2862)An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.(CVE-2017-2870)Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution.(CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-03 modified 2018-02-13 plugin id 106773 published 2018-02-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106773 title EulerOS 2.0 SP1 : gdk-pixbuf2 (EulerOS-SA-2018-1045) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-741.NASL description This update for gdk-pixbuf fixes the following security issue : - CVE-2017-1000422: Prevent several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2018-07-20 plugin id 111196 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111196 title openSUSE Security Update : gdk-pixbuf (openSUSE-2018-741) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201804-14.NASL description The remote host is affected by the vulnerability described in GLSA-201804-14 (GDK-PixBuf: Remote code execution) Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw function. Impact : A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 109098 published 2018-04-18 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/109098 title GLSA-201804-14 : GDK-PixBuf: Remote code execution NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1046.NASL description According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.i1/4^CVE-2017-2862i1/4%0 - An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.i1/4^CVE-2017-2870i1/4%0 - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code executioni1/4^CVE-2017-1000422i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2018-02-13 plugin id 106774 published 2018-02-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106774 title EulerOS 2.0 SP2 : gdk-pixbuf2 (EulerOS-SA-2018-1046)
References
- https://bugzilla.gnome.org/show_bug.cgi?id=785973
- https://bugzilla.gnome.org/show_bug.cgi?id=785973
- https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html
- https://security.gentoo.org/glsa/201804-14
- https://security.gentoo.org/glsa/201804-14
- https://usn.ubuntu.com/3532-1/
- https://usn.ubuntu.com/3532-1/
- https://www.debian.org/security/2018/dsa-4088
- https://www.debian.org/security/2018/dsa-4088