CVE-2017-12447

Publication date 7 March 2019

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.8 · High

Score breakdown

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

Read the notes from the security team

Status

Package Ubuntu Release Status
gdk-pixbuf 18.10 cosmic
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Fixed 2.32.2-1ubuntu1.6
14.04 LTS trusty
Fixed 2.30.7-0ubuntu1.6

Notes

mdeslaur

in trusty, this was already included in the CVE-2015-7552 patch should also include the following in xenial: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/ca74893a8e06e99b4adc682ee1550bfd020687c7

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
gdk-pixbuf

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3912-1
    • GDK-PixBuf vulnerability
    • 20 March 2019

Other references