CVE-2017-12447 — HIGH (7.8)

Vulnerability Description

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnome	Gdk-Pixbuf	2.32.2
Gnome	Nautilus	3.14.3
Canonical	Ubuntu Linux	16.04

Related Weaknesses (CWE)

CWE-119

References

https://bugzilla.gnome.org/show_bug.cgi?id=785979ExploitIssue TrackingVendor Advisory
https://github.com/hackerlib/hackerlib-vul/tree/master/gnomeExploitThird Party Advisory
https://usn.ubuntu.com/3912-1/
https://bugzilla.gnome.org/show_bug.cgi?id=785979ExploitIssue TrackingVendor Advisory
https://github.com/hackerlib/hackerlib-vul/tree/master/gnomeExploitThird Party Advisory
https://usn.ubuntu.com/3912-1/

FAQ

What is CVE-2017-12447?

CVE-2017-12447 is a vulnerability with a CVSS score of 7.8 (HIGH). GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impac...

How severe is CVE-2017-12447?

CVE-2017-12447 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12447?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdk-Pixbuf, Gnome Nautilus, Canonical Ubuntu Linux.