{ "threat_severity" : "Moderate", "public_date" : "2016-01-25T00:00:00Z", "bugzilla" : { "description" : "gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function", "id" : "1378894", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378894" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-122", "details" : [ "Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file." ], "acknowledgement" : "Red Hat would like to thank Gustavo Grieco for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "atk-0:2.22.0-3.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "at-spi2-atk-0:2.22.0-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "at-spi2-core-0:2.22.0-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "cairo-0:1.14.8-2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gdk-pixbuf2-0:2.36.5-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "glib2-0:2.50.3-3.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "glib-networking-0:2.50.0-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gtk2-0:2.24.31-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "gtk3-0:3.22.10-4.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "harfbuzz-0:1.3.2-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "json-glib-0:1.2.6-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "pango-0:1.40.4-1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-08-01T00:00:00Z", "advisory" : "RHBA-2017:2100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "pyatspi-0:2.20.3-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "gdk-pixbuf2", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Virtualization 3", "fix_state" : "Will not fix", "package_name" : "mingw-virt-viewer", "cpe" : "cpe:/a:redhat:enterprise_linux:7::hypervisor" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-7552\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7552" ], "name" : "CVE-2015-7552", "csaw" : false }