ID CVE-2015-4491
Summary Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.26.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.26.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.30.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.30.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.31.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.31.4:*:*:*:*:*:*:*
  • cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
    cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1252293
    title CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment thunderbird is earlier than 0:38.2.0-4.el5_11
        oval oval:com.redhat.rhsa:tst:20151682002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:38.2.0-4.el6_7
        oval oval:com.redhat.rhsa:tst:20151682008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
    • AND
      • comment thunderbird is earlier than 0:38.2.0-1.el7_1
        oval oval:com.redhat.rhsa:tst:20151682014
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
    rhsa
    id RHSA-2015:1682
    released 2015-08-25
    severity Important
    title RHSA-2015:1682: thunderbird security update (Important)
  • bugzilla
    id 1252290
    title CVE-2015-4491 Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment gdk-pixbuf2 is earlier than 0:2.24.1-6.el6_7
            oval oval:com.redhat.rhsa:tst:20151694005
          • comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152116102
        • AND
          • comment gdk-pixbuf2-devel is earlier than 0:2.24.1-6.el6_7
            oval oval:com.redhat.rhsa:tst:20151694007
          • comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152116106
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment gdk-pixbuf2 is earlier than 0:2.28.2-5.el7_1
            oval oval:com.redhat.rhsa:tst:20151694014
          • comment gdk-pixbuf2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152116102
        • AND
          • comment gdk-pixbuf2-devel is earlier than 0:2.28.2-5.el7_1
            oval oval:com.redhat.rhsa:tst:20151694013
          • comment gdk-pixbuf2-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152116106
    rhsa
    id RHSA-2015:1694
    released 2015-08-31
    severity Moderate
    title RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)
  • rhsa
    id RHSA-2015:1586
rpms
  • firefox-0:38.2.0-4.el5_11
  • firefox-0:38.2.0-4.el6_7
  • firefox-0:38.2.0-4.el7_1
  • thunderbird-0:38.2.0-4.el5_11
  • thunderbird-0:38.2.0-4.el6_7
  • thunderbird-0:38.2.0-1.el7_1
  • gdk-pixbuf2-0:2.24.1-6.el6_7
  • gdk-pixbuf2-devel-0:2.24.1-6.el6_7
  • gdk-pixbuf2-0:2.28.2-5.el7_1
  • gdk-pixbuf2-devel-0:2.28.2-5.el7_1
refmap via4
confirm
debian DSA-3337
fedora
  • FEDORA-2015-13925
  • FEDORA-2015-13926
  • FEDORA-2015-14010
  • FEDORA-2015-14011
gentoo
  • GLSA-201512-05
  • GLSA-201605-06
sectrack
  • 1033247
  • 1033372
suse
  • SUSE-SU-2015:1449
  • SUSE-SU-2015:1528
  • SUSE-SU-2015:2081
  • openSUSE-SU-2015:1389
  • openSUSE-SU-2015:1390
  • openSUSE-SU-2015:1453
  • openSUSE-SU-2015:1454
  • openSUSE-SU-2015:1500
ubuntu
  • USN-2702-1
  • USN-2702-2
  • USN-2702-3
  • USN-2712-1
  • USN-2722-1
Last major update 30-10-2018 - 16:27
Published 16-08-2015 - 01:59
Back to Top