-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : gdk-pixbuf Version : 2.26.1-1+deb7u4 CVE ID : CVE-2015-7552 CVE-2015-7674
A heap-based buffer overflow has been discovered in gdk-pixbuf, a library for image loading and saving facilities, fast scaling and compositing of pixbufs, that allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. This update also fixes an incomplete patch for CVE-2015-7674. CVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. CVE-2015-7674 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. For Debian 7 "Wheezy", these problems have been fixed in version 2.26.1-1+deb7u4. We recommend that you upgrade your gdk-pixbuf packages. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJXJPRZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HksSsP/1Sc3VMZHkTZ0O2kAw89XL9r U9QBosMyPpjG/gWBwIjxzBmYqiCFsHh8LVifQGB87ycMOS8M66pOl54VBL9tggQe XSB7e/R2sVSpgk/is/SU+GubYfqZuOJyDvkmuPOcJGBT55RWZOCeD/tJ1cAoO9NJ ns3kL0BBRAbp1bHyRKBUWtOBcbznwRbJcOi95g+O8PdIGoa7CPGzp6EqBs0nHiMs LszhgXc5JJBE8TeYNSZniFxCEa6Ob1tlPlGk5endEZfdyf1OKZ/P/Mx2wj6Cr3Oo JiZ10A86wEZx5BaC0qqKYeERC7cSImEj9KrZdtgWfkXqftUgMHONhrfvwukqbkFa TEwarE8O/yncbSDwzYZzRbrWYzLD7IJdkp1drYciBe8LwtfTmN1Tk3Y+kL72Ld5u WhvI8Nnj5twukf7ZdRqsxN/8j80EYxxvEdXebMt6iTeUjdStF1ojZHZS2K9/gr3O fmY1iMDJ+9uncdEFS1FdKZgQh4F82Jcxe0+QMRr434TYbQFV+MVoN6qokPqHFeA5 lmtUsT4Yt+hs0shcGLPibLpSH8OSJ1Qg7sgwfPzlZ3pm33HAGqQOFAZ/QnfVQ/iG qtS/59EYwXQM6LqkZjluolEvGLHlHOCJKAsrd4nVAxdF+92rrEGUul+HeoQAts4Q iNvjk0bXXsmzCZ53NJuN =wvUe -----END PGP SIGNATURE-----