CVE-2017-2870

Summary

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
GNOMEGdk-Pixbuf2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References