| Errata ID | 375 |
|---|---|
| Date | 2018-05-08 |
| Source package | gdk-pixbuf |
| Fixed in version | 2.31.1-2+deb8u7 |
| Description | This update addresses the following issue: * An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. (CVE-2017-2862) * Several integer overflow issues in the gif_get_lzw function resulting in memory corruption and potential code execution (CVE-2017-1000422) |
| Additional notes | |
| CVE ID | CVE-2017-2862 CVE-2017-1000422 |
| UCS Bug number | #45603 |
