SB2017061610 - Integer overflow in atkmm (Alpine package)
Published: June 16, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2017-6312)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
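The following is an added example, not code from gdk-pixbuf or from its fix: an ICO directory validator that bounds-checks each image entry offset without arithmetic that can overflow. The function names and the sample file bytes are constructed for illustration, and only type-1 (icon) files are accepted.

```c
#include <stddef.h>
#include <stdint.h>

/* Read little-endian fields from an untrusted buffer. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Fragile pattern (illustrative, not used here): with signed ints,
 *     if (offset + size < offset) reject;
 * relies on signed overflow, which is undefined behaviour in C, so an
 * optimizing compiler may delete the test. The check below never adds. */
static int range_ok(uint32_t offset, uint32_t size, size_t file_len) {
    if (size == 0 || offset > file_len) return 0;
    return size <= file_len - offset;
}

/* Returns the number of directory entries if every image entry lies
 * inside the file and after the directory, or -1 if any entry is invalid. */
int ico_validate(const uint8_t *buf, size_t len) {
    if (len < 6 || rd_le16(buf) != 0 || rd_le16(buf + 2) != 1) return -1;
    uint16_t count = rd_le16(buf + 4);
    size_t dir_end = 6 + (size_t)count * 16;   /* at most 6 + 65535 * 16 */
    if (count == 0 || dir_end > len) return -1;
    for (uint16_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 6 + (size_t)i * 16;
        uint32_t size = rd_le32(e + 8);     /* dwBytesInRes */
        uint32_t offset = rd_le32(e + 12);  /* dwImageOffset */
        if (offset < dir_end || !range_ok(offset, size, len)) return -1;
    }
    return count;
}

/* Constructed sample: one entry, 4 payload bytes at offset 22. */
static const uint8_t sample_ok[26] = {
    0,0, 1,0, 1,0,                            /* ICONDIR */
    16,16,0,0, 1,0, 32,0, 4,0,0,0, 22,0,0,0,  /* ICONDIRENTRY */
    0xAA,0xBB,0xCC,0xDD };

/* Copies sample_ok, overwrites the offset field, returns the validator result. */
int check_with_offset(uint32_t offset) {
    uint8_t b[sizeof sample_ok];
    for (size_t i = 0; i < sizeof b; i++) b[i] = sample_ok[i];
    for (int k = 0; k < 4; k++) b[18 + k] = (uint8_t)(offset >> (8 * k));
    return ico_validate(b, sizeof b);
}
```

An offset such as 0xFFFFFFFE would wrap to a small value if added to the entry size in 32-bit arithmetic; the subtraction-based check rejects it.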
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e789927826b09e9833b6d752a0199780845107f9
- https://git.alpinelinux.org/aports/commit/?id=6a6c4ec15fc9ecf1d8bfe0d963f273b02740a251
- https://git.alpinelinux.org/aports/commit/?id=34beb0c38596e2e22c2004c89a5e119f7fd90b8d
- https://git.alpinelinux.org/aports/commit/?id=4abc00725b8070f30c7814bf02e0e9f4ebfe0f62
- https://git.alpinelinux.org/aports/commit/?id=249b5942e644803e9281d0fa78bf9c2f3edd6897
- https://git.alpinelinux.org/aports/commit/?id=26a3b95946a05fe95c71daa086edbaad40c866ba
- https://git.alpinelinux.org/aports/commit/?id=e316d123f313509137f4eb26ae3ba6b2266a9e93