USN-2722-1 GDK-PixBuf Vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1

Description

It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry Runtime: all versions of cf-release prior to 214 are vulnerable to the aforementioned CVEs.
  • Products in the PCF Suite containing cf-release 214 or earlier are vulnerable to the aforementioned CVEs:
    • Elastic Runtime v1.5.5 or earlier

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments using cf-release 214 or lower upgrade to 215 or higher to resolve the aforementioned CVEs.
  • Pivotal recommends customers upgrade to the following releases in the PCF Suite:

Credit

Gustavo Grieco
