[Secure-testing-team] Bug#856445: gdk-pixbuf: CVE-2017-6313: Integer underflow in io-icns.c

Salvatore Bonaccorso carnil at debian.org
Wed Mar 1 06:03:30 UTC 2017


Source: gdk-pixbuf
Version: 2.31.1-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for gdk-pixbuf. There is no
patch upstream yet, and from a quick skim over io-icns.c the soure is
there.

CVE-2017-6313[0]:
An dangerous integer underflow in io-icns.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6313
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the Secure-testing-team mailing list