CVE-2017-2862
gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Existe una vulnerabilidad explotable de desbordamiento de montículos en la funcionalidad gdk_pixbuf__jpeg_image_load_increment de Gdk-Pixbuf 2.36.6. Un archivo jpeg especialmente manipulado puede provocar un desbordamiento de montículos que daría lugar a la ejecución remota de código. Un atacante puede enviar un archivo o URL para provocar esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-01 CVE Reserved
- 2017-09-05 CVE Published
- 2024-01-21 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100541 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3978 | 2022-06-07 | |
| https://access.redhat.com/security/cve/CVE-2017-2862 | 2018-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1488817 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.36.6 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.36.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||