Bug 630026 (CVE-2017-2862, CVE-2017-2870)

Summary:	<x11-libs/gdk-pixbuf-2.36.9: remote code execution vulnerabilities
Product:	Gentoo Security	Reporter:	Aleksandr Wagner (Kivak) <alwag>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	gnome
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=611390
Whiteboard:	A2 [glsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	611390
Bug Blocks:

Description Aleksandr Wagner (Kivak) 2017-09-05 19:14:39 UTC

CVE-2017-2862 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862):

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. 

References:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366

CVE-2017-2870 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870):

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. 

References:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377

@Maintainer(s): The fixed version needs to be stabilized for ppc, ppc64, and hppa in order to remove it from the tree.

Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev

2017-09-10 09:54:07 UTC

2.36.9 is now stable.

Comment 2 Aleksandr Wagner (Kivak) 2017-09-10 14:36:57 UTC

Stabilization and cleanup occurred on bug 611390.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2017-09-17 15:49:51 UTC

This issue was resolved and addressed in
 GLSA 201709-08 at https://security.gentoo.org/glsa/201709-08
by GLSA coordinator Aaron Bauman (b-man).