Alpine: multiple gdk-pixbuf packages: security update to 2.30.7-r0 (deprecated)

high Tenable Cloud Security Plugin ID 401105

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used
in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and
other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based
buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
(CVE-2015-4491)

See Also

https://git.alpinelinux.org/aports/commit/?id=8eb537ab7f1ef8e526a8d037bee262a0f540f56b

https://git.alpinelinux.org/aports/commit/?id=ee045bbf9049865dc74218c737cf0af37a4da3ae

Plugin Details

Severity: High

ID: 401105

Version: Revision 1.27

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-4491

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 8/14/2015

Vulnerability Publication Date: 8/11/2015

Reference Information

CVE: CVE-2015-4491