USN-2722-1 GDK-PixBuf Vulnerabilities
- libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1
It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
Severity is medium unless otherwise noted.
- Cloud Foundry Runtime: all versions of cf-release prior to 214 are vulnerable to the aforementioned CVEs.
- Products in the PCF Suite containing cf-release 214 or earlier are vulnerable to the aforementioned CVEs:
  - Elastic Runtime v1.5.5 or earlier
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 214 or lower upgrade to 215 or higher to resolve the aforementioned CVEs.
- Pivotal recommends customers upgrade to the following releases in the PCF Suite:
  - Elastic Runtime v1.5.6 or later