RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated gdk-pixbuf2 packages that fix one security issue are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

gdk-pixbuf is an image loading library that can be extended by
loadable modules for new image formats. It is used by toolkits such as
GTK+ or clutter.

An integer overflow, leading to a heap-based buffer overflow, was
found in the way gdk-pixbuf, an image loading library for GNOME,
scaled certain bitmap format images. An attacker could use a specially
crafted BMP image file that, when processed by an application compiled
against the gdk-pixbuf library, would cause that application to crash
or execute arbitrary code with the permissions of the user running the
application. (CVE-2015-4491)

Red Hat would like to thank the Mozilla project for reporting this
issue. Upstream acknowledges Gustavo Grieco as the original reporter.

All gdk-pixbuf2 users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

See also :


Solution :

Update the affected gdk-pixbuf2, gdk-pixbuf2-debuginfo and / or
gdk-pixbuf2-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 85717 ()

Bugtraq ID:

CVE ID: CVE-2015-4491

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now