- Home
- CVEs with nessus.description==This update for gtk2 provides the following fixes: These security issues were fixed :
- CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026).
- CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025).
- CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024).
- CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289)
- CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top