Source: gdk-pixbuf
Version: 2.36.5-1
Severity: grave
Tags: upstream patch security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=784866

Hi,

the following vulnerability was published for gdk-pixbuf.

CVE-2017-2862[0]:
| An exploitable heap overflow vulnerability exists in the
| gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf
| 2.36.6. A specially crafted jpeg file can cause a heap overflow
| resulting in remote code execution. An attacker can send a file or url
| to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2862
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
[1] https://bugzilla.gnome.org/show_bug.cgi?id=784866

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore