Bug 991450 - (CVE-2016-6352) VUL-0: CVE-2016-6352: gdk-pixbuf: Out-of-bounds write in OneLine32() function
(CVE-2016-6352)
VUL-0: CVE-2016-6352: gdk-pixbuf: Out-of-bounds write in OneLine32() function
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/171374/
maint:released:sle10-sp3:64101 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-01 10:21 UTC by Sebastian Krahmer
Modified: 2020-06-30 09:20 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-08-01 10:21:35 UTC
Quoting from RH BZ:

A write out-of-bounds parsing an ico file was found in gdk-pixbuf 2.30.7. A maliciously crafted file can cause the application to crash.

rh#1349751



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1349751
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6352
http://seclists.org/oss-sec/2016/q3/162
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6352.html
Comment 3 Marcus Meissner 2016-08-23 11:42:44 UTC
the code seems in all gdk-pixbuf and gtk2 versions
Comment 9 Bernhard Wiedemann 2016-08-31 18:01:11 UTC
This is an autogenerated message for OBS integration:
This bug (991450) was mentioned in
https://build.opensuse.org/request/show/424071 13.2 / gdk-pixbuf
https://build.opensuse.org/request/show/424072 42.1 / gdk-pixbuf
Comment 11 Swamp Workflow Management 2016-09-09 12:11:10 UTC
openSUSE-SU-2016:2276-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 988745,991450
CVE References: CVE-2016-6352
Sources used:
openSUSE Leap 42.1 (src):    gdk-pixbuf-2.32.3-8.1
openSUSE 13.2 (src):    gdk-pixbuf-2.32.3-9.1
Comment 12 Swamp Workflow Management 2016-10-13 19:09:19 UTC
SUSE-SU-2016:2532-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 966682,988745,991450
CVE References: CVE-2013-7447,CVE-2016-6352
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    gtk2-2.18.9-0.44.1
SUSE Linux Enterprise Server 11-SP4 (src):    gtk2-2.18.9-0.44.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gtk2-2.18.9-0.44.1
Comment 18 Swamp Workflow Management 2018-08-02 14:05:03 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64100
Comment 23 Alexandros Toptsoglou 2020-06-30 09:20:00 UTC
Done