Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7673

Published: 2 October 2015

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.

Notes

AuthorNote
mdeslaur 
this is actually fixed in 2.32.0, not 2.32.1

Priority

Medium

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian 		precise
Released (2.26.1-1ubuntu1.3)
trusty
Released (2.30.7-0ubuntu1.2)
upstream
Released (2.32.0-1,2.32.1)
vivid
Released (2.31.3-1ubuntu0.2)
Patches:
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
upstream: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading