| Name | CVE-2015-7552 |
| Description | Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DLA-501-1, DSA-3589-1 |
| NVD severity | high (attack range: remote) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gdk-pixbuf (PTS) | jessie (security), jessie | 2.31.1-2+deb8u7 | fixed |
| stretch (security), stretch | 2.36.5-2+deb9u2 | fixed | |
| bullseye, sid, buster | 2.38.1+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gdk-pixbuf | source | (unstable) | 2.32.0-1 | high | ||
| gdk-pixbuf | source | jessie | 2.31.1-2+deb8u5 | high | DSA-3589-1 | |
| gdk-pixbuf | source | wheezy | 2.26.1-1+deb7u5 | high | DLA-501-1 |
https://bugzilla.suse.com/show_bug.cgi?id=958963
This was fixed by one of the commits between 2.31.6 and 2.32.0.
Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4 (2.31.7)