CVE-2015-4491

CVSS v2.0 6.8 (Medium)
EPSS 1.27 % (86th)
Affected Products 9
Advisories 28

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Weaknesses: CWE-189 (Numeric Errors)
CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-08-16 01:59:19 (9 years ago)
Updated Date: 2018-10-30 16:27:35 (5 years ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Gnome Gdk-pixbuf 2.31.4 and prior versions cpe:2.3:a:gnome:gdk-pixbuf <= 2.31.4
OR  
  Running on/with
  Google Chrome cpe:2.3:a:google:chrome:-
OR  
  Running on/with
  Mozilla Firefox 39.0.3 and prior versions cpe:2.3:a:mozilla:firefox <= 39.0.3
OR  
  Running on/with
  Mozilla Firefox Esr 38.0 cpe:2.3:a:mozilla:firefox_esr:38.0
OR  
  Running on/with
  Mozilla Firefox Esr 38.0.1 cpe:2.3:a:mozilla:firefox_esr:38.0.1
OR  
  Running on/with
  Mozilla Firefox Esr 38.0.5 cpe:2.3:a:mozilla:firefox_esr:38.0.5
OR  
  Running on/with
  Mozilla Firefox Esr 38.1.0 cpe:2.3:a:mozilla:firefox_esr:38.1.0
OR  
  Running on/with
  Linux Kernel cpe:2.3:o:linux:linux_kernel

Configuration #2

AND
    CPE23 From Up To
OR  
  Oracle Solaris 10 cpe:2.3:o:oracle:solaris:10
OR  
  Running on/with
  Oracle Solaris 11.3 cpe:2.3:o:oracle:solaris:11.3

Configuration #3

AND
    CPE23 From Up To
OR  
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 15.04 cpe:2.3:o:canonical:ubuntu_linux:15.04
OR  
  Running on/with
  Fedoraproject Fedora 21 cpe:2.3:o:fedoraproject:fedora:21
OR  
  Running on/with
  Fedoraproject Fedora 22 cpe:2.3:o:fedoraproject:fedora:22
OR  
  Running on/with
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
OR  
  Running on/with
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2