A vulnerability has been found in GDK-PixBuf that may allow a remote attacker to execute arbitrary code.
Package | x11-libs/gdk-pixbuf on all architectures |
---|---|
Affected versions | < 2.36.11 |
Unaffected versions | >= 2.36.11 |
GDK-PixBuf is an image loading library for GTK+.
Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw function.
A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All GDK-PixBuf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"
Release date
April 17, 2018
Latest revision
April 17, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries