Debian Security Advisory
DLA-434-1 gtk+2.0 -- LTS security update
- Date Reported: 27 Feb 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-4491, CVE-2015-7673, CVE-2015-7674.
- More information:
Gustavo Grieco discovered several security issues in Gtk+2.0's gdk-pixbuf.
Heap overflow when processing BMP images, which may allow execution of arbitrary code via malformed images.
Heap overflow when processing TGA images, which may allow execution of arbitrary code or denial of service (process crash) via malformed images.
Integer overflow when processing GIF images, which may allow execution of arbitrary code or denial of service (process crash) via a malformed image.
For Debian 6 Squeeze, these issues have been fixed in gtk+2.0 version 2.20.1-2+deb6u2. We recommend that you upgrade your gtk+2.0 packages.