CVE-2015-4491

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1252290	Issue Tracking
https://bugzilla.gnome.org/show_bug.cgi?id=752297	Issue Tracking
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-2702-2	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-2702-1	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
https://security.gentoo.org/glsa/201605-06
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
https://security.gentoo.org/glsa/201512-05
http://www.securitytracker.com/id/1033372
http://rhn.redhat.com/errata/RHSA-2015-1694.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://www.ubuntu.com/usn/USN-2722-1
http://www.ubuntu.com/usn/USN-2712-1
http://www.ubuntu.com/usn/USN-2702-3
http://www.securitytracker.com/id/1033247
http://www.debian.org/security/2015/dsa-3337
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://rhn.redhat.com/errata/RHSA-2015-1586.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:a:google:chrome:-:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

Information

Published : 2015-08-15 18:59

Updated : 2018-10-30 09:27

NVD link : CVE-2015-4491

Mitre link : CVE-2015-4491

JSON object : View

CWE

CWE-189

Numeric Errors

Products Affected

mozilla

firefox_esr
firefox

google

chrome

fedoraproject

fedora

canonical

ubuntu_linux

linux

linux_kernel

gnome

gdk-pixbuf

opensuse

opensuse

oracle

solaris

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html", "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=752297", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199", "name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html", "name": "openSUSE-SU-2015:1389", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2702-2", "name": "USN-2702-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html", "name": "openSUSE-SU-2015:1390", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2702-1", "name": "USN-2702-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html", "name": "FEDORA-2015-14011", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html", "name": "FEDORA-2015-14010", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201605-06", "name": "GLSA-201605-06", "tags": [], "refsource": "GENTOO"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html", "name": "SUSE-SU-2015:2081", "tags": [], "refsource": "SUSE"}, {"url": "https://security.gentoo.org/glsa/201512-05", "name": "GLSA-201512-05", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.securitytracker.com/id/1033372", "name": "1033372", "tags": [], "refsource": "SECTRACK"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html", "name": "RHSA-2015:1694", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html", "name": "openSUSE-SU-2015:1500", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html", "name": "openSUSE-SU-2015:1454", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html", "name": "openSUSE-SU-2015:1453", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html", "name": "SUSE-SU-2015:1528", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "name": "SUSE-SU-2015:1449", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html", "name": "FEDORA-2015-13926", "tags": [], "refsource": "FEDORA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html", "name": "FEDORA-2015-13925", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.ubuntu.com/usn/USN-2722-1", "name": "USN-2722-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2712-1", "name": "USN-2712-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2702-3", "name": "USN-2702-3", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securitytracker.com/id/1033247", "name": "1033247", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2015/dsa-3337", "name": "DSA-3337", "tags": [], "refsource": "DEBIAN"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html", "name": "RHSA-2015:1682", "tags": [], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html", "name": "RHSA-2015:1586", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-4491", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2015-08-16T01:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.31.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "39.0.3"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

6.8 /10