CVE-2017-1000422 - Integer Overflow or Wraparound vulnerability in multiple products

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

GNOME gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function, resulting in memory corruption and potential code execution.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as the size of a memory allocation. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer is incremented past its maximum possible value, it may wrap around to a very small or negative number, yielding an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3532-1.NASL
    description: It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. (CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files. An attacker could use this to cause a denial of service. (CVE-2017-6314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106074
    published: 2018-01-16
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106074
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : gdk-pixbuf vulnerabilities (USN-3532-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3532-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106074);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-1000422", "CVE-2017-6312", "CVE-2017-6313", "CVE-2017-6314");
      script_xref(name:"USN", value:"3532-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : gdk-pixbuf vulnerabilities (USN-3532-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discoreved that GDK-PixBuf incorrectly handled certain gif
    images. An attacker could use this to execute arbitrary code. This
    issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
    (CVE-2017-1000422)
    
    Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled
    certain images. An attacker could use this to cause a denial of
    service. (CVE-2017-6312, CVE-2017-6313)
    
    Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large
    TIFF files. An attacker could use this to cause a denial of service.
    (CVE-2017-6314).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3532-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libgdk-pixbuf2.0-0 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgdk-pixbuf2.0-0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.30.7-0ubuntu1.8")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.32.2-1ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libgdk-pixbuf2.0-0", pkgver:"2.36.11-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgdk-pixbuf2.0-0");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4088.NASL
    description: It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106056
    published: 2018-01-16
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106056
    title: Debian DSA-4088-1 : gdk-pixbuf - security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4088. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106056);
      script_version("3.5");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-1000422");
      script_xref(name:"DSA", value:"4088");
    
      script_name(english:"Debian DSA-4088-1 : gdk-pixbuf - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that multiple integer overflows in the GIF image
    loader in the GDK Pixbuf library may result in denial of service and
    potentially the execution of arbitrary code if a malformed image file
    is opened."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-6312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-6313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-6314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/gdk-pixbuf"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/gdk-pixbuf"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/gdk-pixbuf"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4088"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the gdk-pixbuf packages.
    
    For the oldstable distribution (jessie), this problem has been fixed
    in version 2.31.1-2+deb8u7.
    
    For the stable distribution (stretch), this problem has been fixed in
    version 2.36.5-2+deb9u2. In addition this update provides fixes for
    CVE-2017-6312, CVE-2017-6313 and CVE-2017-6314."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gdk-pixbuf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"gir1.2-gdkpixbuf-2.0", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-0", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-0-dbg", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-common", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-dev", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"8.0", prefix:"libgdk-pixbuf2.0-doc", reference:"2.31.1-2+deb8u7")) flag++;
    if (deb_check(release:"9.0", prefix:"gir1.2-gdkpixbuf-2.0", reference:"2.36.5-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-0", reference:"2.36.5-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-0-udeb", reference:"2.36.5-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-common", reference:"2.36.5-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-dev", reference:"2.36.5-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgdk-pixbuf2.0-doc", reference:"2.36.5-2+deb9u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1950-1.NASL
    description: This update for gdk-pixbuf fixes the following security issue: - CVE-2017-1000422: Prevent several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 111102
    published: 2018-07-16
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111102
    title: SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2018:1950-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1438.NASL
    description: According to the versions of the gdk-pixbuf2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2015-4491) - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. (CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124941
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124941
    title: EulerOS Virtualization 3.0.1.0 : gdk-pixbuf2 (EulerOS-SA-2019-1438)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1045.NASL
    description: According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. (CVE-2017-2862) An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. (CVE-2017-2870) Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. (CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-03
    modified: 2018-02-13
    plugin id: 106773
    published: 2018-02-13
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106773
    title: EulerOS 2.0 SP1 : gdk-pixbuf2 (EulerOS-SA-2018-1045)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-741.NASL
    description: This update for gdk-pixbuf fixes the following security issue: - CVE-2017-1000422: Prevent several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2018-07-20
    plugin id: 111196
    published: 2018-07-20
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111196
    title: openSUSE Security Update : gdk-pixbuf (openSUSE-2018-741)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201804-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201804-14 (GDK-PixBuf: Remote code execution). Several integer overflows were discovered in GDK-PixBuf's gif_get_lzw function. Impact: A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109098
    published: 2018-04-18
    reporter: This script is Copyright (C) 2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/109098
    title: GLSA-201804-14 : GDK-PixBuf: Remote code execution
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1046.NASL
    description: According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. (CVE-2017-2862) - An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. (CVE-2017-2870) - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. (CVE-2017-1000422) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-10
    modified: 2018-02-13
    plugin id: 106774
    published: 2018-02-13
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106774
    title: EulerOS 2.0 SP2 : gdk-pixbuf2 (EulerOS-SA-2018-1046)