Debian Security Advisory
DLA-434-1 gtk+2.0 -- LTS security update
- Date Reported: 27 Feb 2016
- Affected Packages: gtk+2.0
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-4491, CVE-2015-7673, CVE-2015-7674.
- More information:
Gustavo Grieco discovered several security issues in Gtk+2.0's gdk-pixbuf.
- CVE-2015-4491
Heap overflow when processing BMP images, which may allow the execution of arbitrary code via malformed images.
- CVE-2015-7673
Heap overflow when processing TGA images, which may allow the execution of arbitrary code or denial of service (process crash) via malformed images.
- CVE-2015-7674
Integer overflow when processing GIF images, which may allow the execution of arbitrary code or denial of service (process crash) via a malformed image.
For Debian 6 Squeeze, these issues have been fixed in gtk+2.0 version 2.20.1-2+deb6u2. We recommend that you upgrade your gtk+2.0 packages.