PT-2015-6604 · Mozilla+6 · Firefox+7

Gustavo Grieco

·

Published

2015-08-11

·

Updated

2024-12-12

·

CVE-2015-4491

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions gdk-pixbuf versions prior to 2.31.5 Mozilla Firefox versions prior to 40.0 Firefox ESR 38.x versions prior to 38.2 Google Chrome (affected versions not specified)
Description The issue is related to an integer overflow in the make filter table function, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service. This is achieved through crafted bitmap dimensions that are mishandled during scaling, resulting in a heap-based buffer overflow and application crash.
Recommendations For gdk-pixbuf versions prior to 2.31.5, update to version 2.31.5 or later. For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR 38.x versions prior to 38.2, update to version 38.2 or later. For Google Chrome, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CESA-2015_1586
CESA-2015_1682
CESA-2015_1694
CVE-2015-4491
DLA-434-1
DSA-3337-1
DSA-3337-2
MGASA-2015-0312
MGASA-2015-0313
MGASA-2015-0330
OPENSUSE-SU-2015_1389-1
OPENSUSE-SU-2015_1390-1
OPENSUSE-SU-2018_2287-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10453-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:1586
RHSA-2015:1682
RHSA-2015:1694
RHSA-2015_1586
RHSA-2015_1682
RHSA-2015_1694
SUSE-SU-2015:1449-1
SUSE-SU-2015:1476-1
SUSE-SU-2015:1528-1
SUSE-SU-2015:1787-1
SUSE-SU-2015:2195-1
SUSE-SU-2015:2195-2
SUSE-SU-2015_1787-1
SUSE-SU-2015_2195-1
SUSE-SU-2015_2195-2
SUSE-SU-2018:2145-1
SUSE-SU-2018_2145-1
USN-2702-1
USN-2702-2
USN-2702-3
USN-2712-1
USN-2722-1

Affected Products

Centos
Firefox Esr
Google Chrome
Firefox
Red Hat
Suse
Ubuntu
Gdk-Pixbuf