{"id":"CVE-2016-6352","details":"The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.","modified":"2026-04-16T01:37:43.497121519Z","published":"2016-10-03T18:59:08.787Z","related":["SUSE-SU-2016:2532-1","openSUSE-SU-2024:10453-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"12.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","source":"CPE_FIELD"},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"14.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"16.04"}]},{"extracted_events":[{"last_affected":"42.1"}],"cpe":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"13.2"}]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/26/11"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3085-1"},{"type":"ADVISORY","url":"https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=769170"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2016/07/13/11"},{"type":"EVIDENCE","url":"https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gdk-pixbuf","events":[{"introduced":"0"},{"last_affected":"9f4406e1c10743b4d2ff53ccf1888055179ce297"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"2.35.2"}]}}],"versions":["2.21.3","2.21.4","2.21.6","2.21.7","2.22.0","2.22.1","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.24.0","2.25.0","2.25.2","2.26.0","2.26.1","2.26.2","2.26.3","2.26.4","2.26.5","2.27.0","2.27.1","2.27.2","2.27.3","2.28.0","2.29.0","2.29.1","2.29.2","2.29.3","2.30.0","2.30.1","2.30.2","2.30.3","2.30.4","2.30.5","2.30.6","2.30.7","2.30.8","2.31.0","2.31.1","2.31.2","2.31.3","2.31.4","2.31.5","2.31.6","2.31.7","2.32.0","2.32.1","2.33.1","2.33.2","2.34.0","2.35.1","2.35.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6352.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}