Bugzilla – Bug 991450
VUL-0: CVE-2016-6352: gdk-pixbuf: Out-of-bounds write in OneLine32() function
Last modified: 2020-06-30 09:20:00 UTC
Quoting from RH BZ: A write out-of-bounds parsing an ico file was found in gdk-pixbuf 2.30.7. A maliciously crafted file can cause the application to crash. rh#1349751 References: https://bugzilla.redhat.com/show_bug.cgi?id=1349751 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6352 http://seclists.org/oss-sec/2016/q3/162 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6352.html
the code seems in all gdk-pixbuf and gtk2 versions
This is an autogenerated message for OBS integration: This bug (991450) was mentioned in https://build.opensuse.org/request/show/424071 13.2 / gdk-pixbuf https://build.opensuse.org/request/show/424072 42.1 / gdk-pixbuf
openSUSE-SU-2016:2276-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 988745,991450 CVE References: CVE-2016-6352 Sources used: openSUSE Leap 42.1 (src): gdk-pixbuf-2.32.3-8.1 openSUSE 13.2 (src): gdk-pixbuf-2.32.3-9.1
SUSE-SU-2016:2532-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 966682,988745,991450 CVE References: CVE-2013-7447,CVE-2016-6352 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gtk2-2.18.9-0.44.1 SUSE Linux Enterprise Server 11-SP4 (src): gtk2-2.18.9-0.44.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): gtk2-2.18.9-0.44.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-08-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64100
Done