Bug#858491: gdk-pixbuf: CVE-2017-6311: crash in gdk-pixbuf-thumbnailer
Jeremy Bicha
jbicha at ubuntu.com
Wed Mar 22 20:59:45 UTC 2017

Package: libgdk-pixbuf2.0-bin
Severity: serious
Version: 2.36.5-3
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=778204

gnome-desktop3 3.24 dropped its thumbnailer code to use gdk-pixbuf's.
Therefore, the Debian GNOME team is introducing gdk-pixbuf's
thumbnailer into Debian after stretch.

The following vulnerability was published for gdk-pixbuf.

CVE-2017-6311[0]:
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent
attackers to cause a denial of service (NULL pointer dereference and
application crash) via vectors related to printing an error message.

There is no patch upstream yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311

I am setting this bug severity to serious so that we won't
accidentally have this migrate to testing until someone looks into
this more.

Thank you,
Jeremy Bicha