Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2018-1045)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2018.1045

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2018-1045)

Resumen: The remote host is missing an update for the Huawei EulerOS 'gdk-pixbuf2' package(s) announced via the EulerOS-SA-2018-1045 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'gdk-pixbuf2' package(s) announced via the EulerOS-SA-2018-1045 advisory.

Vulnerability Insight:
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.(CVE-2017-2862)

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.(CVE-2017-2870)

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution.(CVE-2017-1000422)

Affected Software/OS:
'gdk-pixbuf2' package(s) on Huawei EulerOS V2.0SP1.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-2862
BugTraq ID: 100541
http://www.securityfocus.com/bid/100541
Debian Security Information: DSA-3978 (Google Search)
http://www.debian.org/security/2017/dsa-3978
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
Common Vulnerability Exposure (CVE) ID: CVE-2017-2870
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2018.1045
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2018-1045)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'gdk-pixbuf2' package(s) announced via the EulerOS-SA-2018-1045 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'gdk-pixbuf2' package(s) announced via the EulerOS-SA-2018-1045 advisory. Vulnerability Insight: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.(CVE-2017-2862) An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.(CVE-2017-2870) Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution.(CVE-2017-1000422) Affected Software/OS: 'gdk-pixbuf2' package(s) on Huawei EulerOS V2.0SP1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2862 BugTraq ID: 100541 http://www.securityfocus.com/bid/100541 Debian Security Information: DSA-3978 (Google Search) http://www.debian.org/security/2017/dsa-3978 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 Common Vulnerability Exposure (CVE) ID: CVE-2017-2870 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377 https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH