gdk-pixbuf-devel-2.36.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10453-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdk-pixbuf-devel-2.36.0-1.1 on GA media These are all security issues fixed in the gdk-pixbuf-devel-2.36.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10453 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-2485/ SUSE CVE CVE-2011-2485 page https://www.suse.com/security/cve/CVE-2015-4491/ SUSE CVE CVE-2015-4491 page https://www.suse.com/security/cve/CVE-2015-7552/ SUSE CVE CVE-2015-7552 page https://www.suse.com/security/cve/CVE-2015-7673/ SUSE CVE CVE-2015-7673 page https://www.suse.com/security/cve/CVE-2015-7674/ SUSE CVE CVE-2015-7674 page https://www.suse.com/security/cve/CVE-2016-6352/ SUSE CVE CVE-2016-6352 page openSUSE Tumbleweed gdk-pixbuf-devel-2.36.0-1.1 gdk-pixbuf-devel-32bit-2.36.0-1.1 gdk-pixbuf-lang-2.36.0-1.1 gdk-pixbuf-query-loaders-2.36.0-1.1 gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 libgdk_pixbuf-2_0-0-2.36.0-1.1 libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 gdk-pixbuf-devel-2.36.0-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-devel-32bit-2.36.0-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-lang-2.36.0-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-2.36.0-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-2.36.0-1.1 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 as a component of openSUSE Tumbleweed typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 as a component of openSUSE Tumbleweed The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. CVE-2011-2485 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2485.html CVE-2011-2485 https://bugzilla.suse.com/702028 SUSE Bug 702028 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. CVE-2015-4491 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4491.html CVE-2015-4491 https://bugzilla.suse.com/940806 SUSE Bug 940806 https://bugzilla.suse.com/942801 SUSE Bug 942801 https://bugzilla.suse.com/948790 SUSE Bug 948790 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. CVE-2015-7552 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7552.html CVE-2015-7552 https://bugzilla.suse.com/958963 SUSE Bug 958963 io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. CVE-2015-7673 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7673.html CVE-2015-7673 https://bugzilla.suse.com/948790 SUSE Bug 948790 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. CVE-2015-7674 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7674.html CVE-2015-7674 https://bugzilla.suse.com/948791 SUSE Bug 948791 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. CVE-2016-6352 openSUSE Tumbleweed:gdk-pixbuf-devel-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.36.0-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.36.0-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.36.0-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.36.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6352.html CVE-2016-6352 https://bugzilla.suse.com/1027024 SUSE Bug 1027024 https://bugzilla.suse.com/991450 SUSE Bug 991450