[Buildroot] [PATCH] gdk-pixbuf: security bump to version 2.36.10
peter at korsgaard.com
Fri Sep 22 07:48:25 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2017-2862 - An exploitable heap overflow vulnerability exists in the
> gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A
> specially crafted jpeg file can cause a heap overflow resulting in remote
> code execution. An attacker can send a file or url to trigger this
> CVE-2017-2870 - An exploitable integer overflow vulnerability exists in the
> tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with
> Clang. A specially crafted tiff file can cause a heap-overflow resulting in
> remote code execution. An attacker can send a file or a URL to trigger this
> CVE-2017-6311 - gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows
> context-dependent attackers to cause a denial of service (NULL pointer
> dereference and application crash) via vectors related to printing an error
> The host version now needs the same workaround as we do for the target to
> not pull in shared-mime-info.
> Also add a hash for the license file while we're at it.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot