Vulnerability Details CVE-2017-2870
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/100541
- https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
- http://www.securityfocus.com/bid/100541
- https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377
Products affected by CVE-2017-2870
-
cpe:2.3:a:gnome:gdk-pixbuf:2.36.6
-
cpe:2.3:o:debian:debian_linux:8.0