[Buildroot] [PATCH 1/1] package/gdk-pixbuf: security bump to version 2.36.12
Peter Korsgaard
peter at korsgaard.com
Fri Aug 28 15:57:18 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine via buildroot <buildroot at busybox.net> writes:
> - Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
> context-dependent attackers to cause a denial of service (segmentation
> fault and application crash) via a crafted image entry offset in an
> ICO file, which triggers an out-of-bounds read, related to compiler
> optimizations.
> - Fix CVE-2017-6313: Integer underflow in the load_resources function in
> io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
> denial of service (out-of-bounds read and program crash) via a crafted
> image entry size in an ICO file.
> - Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
> in gdk-pixbuf allows context-dependent attackers to cause a denial of
> service (infinite loop) via a large TIFF file.
> Also update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard