{"id":"MGASA-2018-0016","summary":"Updated gdk-pixbuf2.0 packages fix security vulnerability","details":"JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability\n(CVE-2017-2862).\n\ntiff_image_parse Code Execution Vulnerability (CVE-2017-2870).\n\nAriel Zelivansky discovered that the GDK-PixBuf library did not properly\nhandle printing certain error messages. If an user or automated system were\ntricked into opening a specially crafted image file, a remote attacker\ncould use this flaw to cause GDK-PixBuf to crash, resulting in a denial of\nservice (CVE-2017-6311).\n\nOut-of-bounds read on io-ico.c (CVE-2017-6312).\n\nA dangerous integer underflow in io-icns.c (CVE-2017-6313).\n\nInfinite loop in io-tiff.c (CVE-2017-6314).\n\nNote, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only\naffected Mageia 5.\n","modified":"2026-04-16T01:46:18.265790507Z","published":"2018-01-01T15:50:28Z","upstream":["CVE-2017-2862","CVE-2017-2870","CVE-2017-6311","CVE-2017-6312","CVE-2017-6313","CVE-2017-6314"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0016.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21680"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3418-1/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html"}],"affected":[{"package":{"name":"gdk-pixbuf2.0","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gdk-pixbuf2.0?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32.3-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0016.json"}},{"package":{"name":"gdk-pixbuf2.0","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gdk-pixbuf2.0?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.36.10-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0016.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}