Vulnerabilities > Gnome > GDK Pixbuf > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
local
low complexity
gnome canonical fedoraproject CWE-835
5.5
2019-03-07 CVE-2017-12447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
6.8
2018-01-02 CVE-2017-1000422 Integer Overflow or Wraparound vulnerability in multiple products
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
6.8
2017-09-05 CVE-2017-2870 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang.
network
gnome debian CWE-190
6.8
2017-09-05 CVE-2017-2862 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.
network
gnome debian CWE-787
6.8
2017-03-10 CVE-2017-6314 Infinite Loop vulnerability in multiple products
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
local
low complexity
gnome fedoraproject debian CWE-835
5.5
2017-03-10 CVE-2017-6312 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
local
low complexity
gnome fedoraproject debian CWE-190
5.5
2016-10-03 CVE-2016-6352 Out-of-bounds Write vulnerability in multiple products
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
network
low complexity
canonical gnome opensuse CWE-787
5.0
2016-06-01 CVE-2015-8875 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
network
gnome debian CWE-189
6.8
2015-10-26 CVE-2015-7674 Numeric Errors vulnerability in multiple products
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
6.8