CVE-2015-4491 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Gnome	Gdk-pixbuf
Google	Chrome
Linux	Linux Kernel
Mozilla	Firefox
Opensuse	Opensuse
Oracle	Solaris
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:38.2.0-4.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1586	2015-08-11T00:00:00Z
thunderbird-0:38.2.0-4.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1682	2015-08-25T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:38.2.0-4.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1586	2015-08-11T00:00:00Z
thunderbird-0:38.2.0-4.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1682	2015-08-25T00:00:00Z
gdk-pixbuf2-0:2.24.1-6.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1694	2015-08-31T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:38.2.0-4.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1586	2015-08-11T00:00:00Z
thunderbird-0:38.2.0-1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1682	2015-08-25T00:00:00Z
gdk-pixbuf2-0:2.28.2-5.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1694	2015-08-31T00:00:00Z

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://rhn.redhat.com/errata/RHSA-2015-1586.html
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://rhn.redhat.com/errata/RHSA-2015-1694.html
http://www.debian.org/security/2015/dsa-3337
http://www.mozilla.org/security/announce/2015/mfsa2015-88.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
http://www.ubuntu.com/usn/USN-2722-1
https://bugzilla.gnome.org/show_bug.cgi?id=752297
https://bugzilla.mozilla.org/show_bug.cgi?id=1184009
https://bugzilla.redhat.com/show_bug.cgi?id=1252290
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
https://nvd.nist.gov/vuln/detail/CVE-2015-4491
https://security.gentoo.org/glsa/201512-05
https://security.gentoo.org/glsa/201605-06
https://www.cve.org/CVERecord?id=CVE-2015-4491
https://www.mozilla.org/security/announce/2015/mfsa2015-88.html

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::* cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::* cpe:2.3:a:mozilla:firefox_esr:38.0:::::::* cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*	cpe:2.3:a:mozilla:firefox:38.0.1:::::::* cpe:2.3:a:mozilla:firefox:38.0.5:::::::* cpe:2.3:a:mozilla:firefox:38.0:::::::* cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
Vendors & Products	Mozilla firefox Esr

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html"}, {"name": "FEDORA-2015-14011", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html"}, {"name": "DSA-3337", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3337"}, {"name": "openSUSE-SU-2015:1500", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199"}, {"name": "USN-2712-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2712-1"}, {"name": "openSUSE-SU-2015:1454", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"name": "RHSA-2015:1682", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html"}, {"name": "openSUSE-SU-2015:1389", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "FEDORA-2015-13926", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html"}, {"name": "RHSA-2015:1586", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, {"name": "FEDORA-2015-13925", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html"}, {"name": "USN-2722-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2722-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1528", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"}, {"name": "1033247", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033247"}, {"name": "USN-2702-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "RHSA-2015:1694", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html"}, {"name": "USN-2702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "FEDORA-2015-14010", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html"}, {"name": "1033372", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033372"}, {"name": "SUSE-SU-2015:1449", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"name": "GLSA-201512-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201512-05"}, {"name": "openSUSE-SU-2015:1390", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-4491", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html"}, {"name": "FEDORA-2015-14011", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html"}, {"name": "DSA-3337", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3337"}, {"name": "openSUSE-SU-2015:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html"}, {"name": "SUSE-SU-2015:2081", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199"}, {"name": "USN-2712-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2712-1"}, {"name": "openSUSE-SU-2015:1454", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"name": "RHSA-2015:1682", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html"}, {"name": "openSUSE-SU-2015:1389", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "FEDORA-2015-13926", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html"}, {"name": "RHSA-2015:1586", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, {"name": "FEDORA-2015-13925", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html"}, {"name": "USN-2722-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2722-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1528", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"}, {"name": "1033247", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033247"}, {"name": "USN-2702-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "RHSA-2015:1694", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html"}, {"name": "USN-2702-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=752297", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "FEDORA-2015-14010", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html"}, {"name": "1033372", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033372"}, {"name": "SUSE-SU-2015:1449", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"name": "GLSA-201512-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-05"}, {"name": "openSUSE-SU-2015:1390", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html"}, {"name": "FEDORA-2015-14011", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html"}, {"name": "DSA-3337", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3337"}, {"name": "openSUSE-SU-2015:1500", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199"}, {"name": "USN-2712-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2712-1"}, {"name": "openSUSE-SU-2015:1454", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"name": "RHSA-2015:1682", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html"}, {"name": "openSUSE-SU-2015:1389", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "FEDORA-2015-13926", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html"}, {"name": "RHSA-2015:1586", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, {"name": "FEDORA-2015-13925", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html"}, {"name": "USN-2722-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2722-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "SUSE-SU-2015:1528", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"}, {"name": "1033247", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033247"}, {"name": "USN-2702-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "RHSA-2015:1694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html"}, {"name": "USN-2702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "FEDORA-2015-14010", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html"}, {"name": "1033372", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033372"}, {"name": "SUSE-SU-2015:1449", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"name": "GLSA-201512-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-05"}, {"name": "openSUSE-SU-2015:1390", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-4491", "datePublished": "2015-08-16T01:00:00", "dateReserved": "2015-06-10T00:00:00", "dateUpdated": "2024-08-06T06:18:11.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-08-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-22T18:57:01 (string)

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

}

1 : { »

name : FEDORA-2015-14011 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html (string)

}

2 : { »

name : DSA-3337 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3337 (string)

}

3 : { »

name : openSUSE-SU-2015:1500 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (string)

}

4 : { »

name : SUSE-SU-2015:2081 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

}

6 : { »

name : USN-2712-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2712-1 (string)

}

7 : { »

name : openSUSE-SU-2015:1454 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (string)

}

8 : { »

name : USN-2702-3 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2702-3 (string)

}

9 : { »

name : RHSA-2015:1682 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1682.html (string)

}

10 : { »

name : openSUSE-SU-2015:1389 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (string)

}

11 : { »

name : openSUSE-SU-2015:1453 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (string)

}

12 : { »

name : FEDORA-2015-13926 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (string)

}

13 : { »

name : RHSA-2015:1586 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1586.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

15 : { »

name : FEDORA-2015-13925 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (string)

}

16 : { »

name : USN-2722-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2722-1 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

18 : { »

name : SUSE-SU-2015:1528 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (string)

}

19 : { »

name : 1033247 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1033247 (string)

}

20 : { »

name : USN-2702-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2702-2 (string)

}

21 : { »

name : RHSA-2015:1694 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1694.html (string)

}

22 : { »

name : USN-2702-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2702-1 (string)

}

23 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

}

24 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

}

25 : { »

name : GLSA-201605-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201605-06 (string)

}

26 : { »

name : FEDORA-2015-14010 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html (string)

}

27 : { »

name : 1033372 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1033372 (string)

}

28 : { »

name : SUSE-SU-2015:1449 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (string)

}

29 : { »

name : GLSA-201512-05 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201512-05 (string)

}

30 : { »

name : openSUSE-SU-2015:1390 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (string)

}

31 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mozilla.org (string)

ID : CVE-2015-4491 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

refsource : CONFIRM (string)

url : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

}

1 : { »

name : FEDORA-2015-14011 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html (string)

}

2 : { »

name : DSA-3337 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3337 (string)

}

3 : { »

name : openSUSE-SU-2015:1500 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (string)

}

4 : { »

name : SUSE-SU-2015:2081 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (string)

}

5 : { »

name : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

refsource : CONFIRM (string)

url : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

}

6 : { »

name : USN-2712-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2712-1 (string)

}

7 : { »

name : openSUSE-SU-2015:1454 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (string)

}

8 : { »

name : USN-2702-3 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2702-3 (string)

}

9 : { »

name : RHSA-2015:1682 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1682.html (string)

}

10 : { »

name : openSUSE-SU-2015:1389 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (string)

}

11 : { »

name : openSUSE-SU-2015:1453 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (string)

}

12 : { »

name : FEDORA-2015-13926 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (string)

}

13 : { »

name : RHSA-2015:1586 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1586.html (string)

}

14 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

15 : { »

name : FEDORA-2015-13925 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (string)

}

16 : { »

name : USN-2722-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2722-1 (string)

}

17 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

18 : { »

name : SUSE-SU-2015:1528 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (string)

}

19 : { »

name : 1033247 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1033247 (string)

}

20 : { »

name : USN-2702-2 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2702-2 (string)

}

21 : { »

name : RHSA-2015:1694 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1694.html (string)

}

22 : { »

name : USN-2702-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2702-1 (string)

}

23 : { »

name : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

refsource : CONFIRM (string)

url : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

}

24 : { »

name : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

refsource : CONFIRM (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

}

25 : { »

name : GLSA-201605-06 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

26 : { »

name : FEDORA-2015-14010 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html (string)

}

27 : { »

name : 1033372 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1033372 (string)

}

28 : { »

name : SUSE-SU-2015:1449 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (string)

}

29 : { »

name : GLSA-201512-05 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201512-05 (string)

}

30 : { »

name : openSUSE-SU-2015:1390 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (string)

}

31 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:18:11.566Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

}

1 : { »

name : FEDORA-2015-14011 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html (string)

}

2 : { »

name : DSA-3337 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3337 (string)

}

3 : { »

name : openSUSE-SU-2015:1500 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (string)

}

4 : { »

name : SUSE-SU-2015:2081 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

}

6 : { »

name : USN-2712-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2712-1 (string)

}

7 : { »

name : openSUSE-SU-2015:1454 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (string)

}

8 : { »

name : USN-2702-3 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2702-3 (string)

}

9 : { »

name : RHSA-2015:1682 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1682.html (string)

}

10 : { »

name : openSUSE-SU-2015:1389 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (string)

}

11 : { »

name : openSUSE-SU-2015:1453 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (string)

}

12 : { »

name : FEDORA-2015-13926 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (string)

}

13 : { »

name : RHSA-2015:1586 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1586.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

15 : { »

name : FEDORA-2015-13925 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (string)

}

16 : { »

name : USN-2722-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2722-1 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

18 : { »

name : SUSE-SU-2015:1528 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (string)

}

19 : { »

name : 1033247 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1033247 (string)

}

20 : { »

name : USN-2702-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2702-2 (string)

}

21 : { »

name : RHSA-2015:1694 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1694.html (string)

}

22 : { »

name : USN-2702-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2702-1 (string)

}

23 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

}

24 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

}

25 : { »

name : GLSA-201605-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201605-06 (string)

}

26 : { »

name : FEDORA-2015-14010 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html (string)

}

27 : { »

name : 1033372 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1033372 (string)

}

28 : { »

name : SUSE-SU-2015:1449 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (string)

}

29 : { »

name : GLSA-201512-05 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201512-05 (string)

}

30 : { »

name : openSUSE-SU-2015:1390 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (string)

}

31 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

cveId : CVE-2015-4491 (string)

datePublished : 2015-08-16T01:00:00 (string)

dateReserved : 2015-06-10T00:00:00 (string)

dateUpdated : 2024-08-06T06:18:11.566Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E09B59A-3E1C-4DCC-8240-3A7E0E4CC647", "versionEndIncluding": "2.31.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C", "vulnerable": false}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "40AB4FC4-00EA-4C4E-81D8-170BD068B28B", "versionEndIncluding": "39.0.3", "vulnerable": false}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE", "vulnerable": false}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5", "vulnerable": false}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4", "vulnerable": false}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de entero en la funci\u00f3n make_filter_table en pixops/pixops.c en gdk-pixbuf en versiones anteriores a 2.31.5, tal como es usado en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 en Linux, Google Chrome en Linux y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de dimensiones bitmap manipuladas que no son manejadas correctamente durante el escalado.."}], "id": "CVE-2015-4491", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-08-16T01:59:19.143", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html"}, {"source": "security@mozilla.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html"}, {"source": "security@mozilla.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3337"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1033247"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1033372"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2712-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2722-1"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, {"source": "security@mozilla.org", "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201512-05"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2712-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2722-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201512-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201605-06"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E09B59A-3E1C-4DCC-8240-3A7E0E4CC647 (string)

versionEndIncluding : 2.31.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 39B565E1-C2F1-44FC-A517-E3130332B17C (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 40AB4FC4-00EA-4C4E-81D8-170BD068B28B (string)

versionEndIncluding : 39.0.3 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1F007CC6-9391-4E1C-A747-F3DE5E572FA5 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 45E9641F-430C-4B3A-BD63-EC13DBD3D1E4 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5AADD23B-A8AF-4679-990D-C29A1D6EB5CD (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 155AD4FB-E527-4103-BCEF-801B653DEA37 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* (string)

matchCriteriaId : 964B57CD-CB8A-4520-B358-1C93EC5EF2DC (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 79A602C5-61FE-47BA-9786-F045B6C6DBA8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* (string)

matchCriteriaId : F38D3B7E-8429-473F-BB31-FC3583EE5A5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* (string)

matchCriteriaId : 56BDB5A0-0839-4A20-A003-B8CD56F48171 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* (string)

matchCriteriaId : 253C303A-E577-4488-93E6-68A8DD942C38 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de desbordamiento de entero en la función make_filter_table en pixops/pixops.c en gdk-pixbuf en versiones anteriores a 2.31.5, tal como es usado en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 en Linux, Google Chrome en Linux y otros productos, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída de aplicación) a través de dimensiones bitmap manipuladas que no son manejadas correctamente durante el escalado.. (string)

}

]

id : CVE-2015-4491 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2015-08-16T01:59:19.143 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html (string)

}

1 : { »

source : security@mozilla.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (string)

}

2 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html (string)

}

3 : { »

source : security@mozilla.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (string)

}

4 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (string)

}

5 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (string)

}

6 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (string)

}

7 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (string)

}

8 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (string)

}

9 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (string)

}

10 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (string)

}

11 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (string)

}

12 : { »

source : security@mozilla.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1586.html (string)

}

13 : { »

source : security@mozilla.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1682.html (string)

}

14 : { »

source : security@mozilla.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1694.html (string)

}

15 : { »

source : security@mozilla.org (string)

url : http://www.debian.org/security/2015/dsa-3337 (string)

}

16 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

}

17 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

18 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

}

19 : { »

source : security@mozilla.org (string)

url : http://www.securitytracker.com/id/1033247 (string)

}

20 : { »

source : security@mozilla.org (string)

url : http://www.securitytracker.com/id/1033372 (string)

}

21 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2702-1 (string)

}

22 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2702-2 (string)

}

23 : { »

source : security@mozilla.org (string)

url : http://www.ubuntu.com/usn/USN-2702-3 (string)

}

24 : { »

source : security@mozilla.org (string)

url : http://www.ubuntu.com/usn/USN-2712-1 (string)

}

25 : { »

source : security@mozilla.org (string)

url : http://www.ubuntu.com/usn/USN-2722-1 (string)

}

26 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

}

27 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

}

28 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

29 : { »

source : security@mozilla.org (string)

url : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

}

30 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/201512-05 (string)

}

31 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1586.html (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1682.html (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1694.html (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3337 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1033247 (string)

}

52 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1033372 (string)

}

53 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2702-1 (string)

}

54 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2702-2 (string)

}

55 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2702-3 (string)

}

56 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2712-1 (string)

}

57 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2722-1 (string)

}

58 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=752297 (string)

}

59 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1184009 (string)

}

60 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

61 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199 (string)

}

62 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201512-05 (string)

}

63 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201605-06 (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-189 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:38.2.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-08-11T00:00:00Z"}, {"advisory": "RHSA-2015:1682", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:38.2.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-08-25T00:00:00Z"}, {"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:38.2.0-4.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-08-11T00:00:00Z"}, {"advisory": "RHSA-2015:1682", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:38.2.0-4.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-08-25T00:00:00Z"}, {"advisory": "RHSA-2015:1694", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "moderate", "package": "gdk-pixbuf2-0:2.24.1-6.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-08-31T00:00:00Z"}, {"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:38.2.0-4.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-11T00:00:00Z"}, {"advisory": "RHSA-2015:1682", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:38.2.0-1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-25T00:00:00Z"}, {"advisory": "RHSA-2015:1694", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "moderate", "package": "gdk-pixbuf2-0:2.28.2-5.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-31T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)", "id": "1252290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.", "An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application."], "name": "CVE-2015-4491", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gdk-pixbuf", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4491\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4491\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-88.html"], "statement": "This issue did not affect the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2015:1586 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : firefox-0:38.2.0-4.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2015-08-11T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:1682 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : thunderbird-0:38.2.0-4.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2015-08-25T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:1586 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : firefox-0:38.2.0-4.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-08-11T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2015:1682 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : thunderbird-0:38.2.0-4.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-08-25T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2015:1694 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

impact : moderate (string)

package : gdk-pixbuf2-0:2.24.1-6.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-08-31T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2015:1586 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:38.2.0-4.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-08-11T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2015:1682 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : thunderbird-0:38.2.0-1.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-08-25T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2015:1694 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

impact : moderate (string)

package : gdk-pixbuf2-0:2.28.2-5.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-08-31T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88) (string)

id : 1252290 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1252290 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-122 (string)

details : [ »

0 : Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (string)

1 : An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application. (string)

]

name : CVE-2015-4491 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : gdk-pixbuf (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2015-08-11T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-4491 https://nvd.nist.gov/vuln/detail/CVE-2015-4491 https://www.mozilla.org/security/announce/2015/mfsa2015-88.html (string)

]

statement : This issue did not affect the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5. (string)

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object