CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2017-6313
https://notcve.org/view.php?id=CVE-2017-6313
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. Desbordamiento inferior de entero en la función load_resources en io-icns.c en gdk-pixbuf permite a atacantes dependientes de contexto provocar una denegación de servicio (lectura fuera de límites y caída del programa) a través de una entrada de tamaño de imagen manipulada en un archivo ICO. • http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html http://www.openwall.com/lists/oss-security/2017/02/21/4 http://www.openwall.com/lists/oss-security/2017/02/26/1 http://www.securityfocus.com/bid/96779 https://bugzilla.gnome.org/show_bug.cgi?id=779016 https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2 https://lists.fedoraproject.org/arch • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 3CVE-2017-6314
https://notcve.org/view.php?id=CVE-2017-6314
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. La función make_available_at_least en io-tiff.c en gdk-pixbuf permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito) a través de un archivo TIFF grande. • http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html http://www.openwall.com/lists/oss-security/2017/02/21/4 http://www.openwall.com/lists/oss-security/2017/02/26/1 http://www.securityfocus.com/bid/96779 https://bugzilla.gnome.org/show_bug.cgi?id=779020 https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2 https://lists.fedoraproject.org/arch • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2017-6311
https://notcve.org/view.php?id=CVE-2017-6311
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. gdk-pixbuf-thumbnailer.c en gdk-pixbuf permite a atacantes dependientes de contexto provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores relacionados con la impresión de un mensaje de error. • http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html http://www.openwall.com/lists/oss-security/2017/02/21/4 http://www.openwall.com/lists/oss-security/2017/02/26/1 http://www.securityfocus.com/bid/96779 https://bugzilla.gnome.org/show_bug.cgi?id=778204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLA • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5885 – gtk-vnc: Integer overflow when processing SetColorMapEntries
https://notcve.org/view.php?id=CVE-2017-5885
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. Múltiples desbordamientos de entero en las funciones (1) vnc_connection_server_message y (2) vnc_color_map_set en gtk-vnc en versiones anteriores a 0.7.0 permiten a servidores remotos provocar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través de vectores implicando SetColorMapEntries, lo que desencadena un desbordamiento de búfer. An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. • http://www.openwall.com/lists/oss-security/2017/02/03/5 http://www.openwall.com/lists/oss-security/2017/02/05/5 http://www.securityfocus.com/bid/96016 https://access.redhat.com/errata/RHSA-2017:2258 https://bugzilla.gnome.org/show_bug.cgi?id=778050 https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK https://access.redhat.com/securit • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5884 – gtk-vnc: Improper check of framebuffer boundaries when processing a tile
https://notcve.org/view.php?id=CVE-2017-5884
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. gtk-vnc en versiones anteriores a 0.7.0 no comprueba adecuadamente los límites de azulejos que contienen sub rectángulo, lo que permite a servidores remotos ejecutar código arbitrario a través de las coordenadas src x, y en un azulejo (1) rre, (2) hextile o (3) copyrect manipulado. It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. • http://www.openwall.com/lists/oss-security/2017/02/03/5 http://www.openwall.com/lists/oss-security/2017/02/05/5 http://www.securityfocus.com/bid/96016 https://access.redhat.com/errata/RHSA-2017:2258 https://bugzilla.gnome.org/show_bug.cgi?id=778048 https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK https://access.redhat.com/securit • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-787: Out-of-bounds Write •