CVE-2015-4491 — MEDIUM (6.8)

Q: How severe is CVE-2015-4491?

CVE-2015-4491 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-4491?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdk-Pixbuf, Google Chrome, Mozilla Firefox, Linux Linux Kernel, Oracle Solaris.

Vulnerability Description

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gnome	Gdk-Pixbuf	<= 2.31.4
Google	Chrome	-
Mozilla	Firefox	<= 39.0.3
Linux	Linux Kernel	All versions
Oracle	Solaris	10
Canonical	Ubuntu Linux	12.04
Fedoraproject	Fedora	21
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2015-4491?

CVE-2015-4491 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Li...

How severe is CVE-2015-4491?

CVE-2015-4491 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4491?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdk-Pixbuf, Google Chrome, Mozilla Firefox, Linux Linux Kernel, Oracle Solaris.