製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux 上で稼働する Mozilla Firefox および Google Chrome などの製品で使用される gdk-pixbuf における整数オーバーフローの脆弱性

Title	Linux 上で稼働する Mozilla Firefox および Google Chrome などの製品で使用される gdk-pixbuf における整数オーバーフローの脆弱性
Summary	Linux 上で稼働する Mozilla Firefox、Google Chrome およびその他の製品で使用される gdk-pixbuf の pixops/pixops.c 内の make_filter_table 関数には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、スケーリングの際に誤って処理される巧妙に細工されたビットマップディメンションを介して、任意のコードを実行される、またはサービス運用妨害 (ヒープベースのバッファオーバーフローおよびアプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 13, 2015, midnight
Registration Date	Aug. 19, 2015, 5:15 p.m.
Last Update	Dec. 22, 2015, 3:32 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

GNOME Project

gdk-pixbuf 2.31.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-4491	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
National Vulnerability Database (NVD)
2	CVE-2015-4491	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4491

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Bugzilla
1	Bug 752297	https://bugzilla.gnome.org/show_bug.cgi?id=752297
GNOME GIT REPOSITORY
2	pixops: Be more careful about integer overflow	https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
Mozilla Foundation Security Advisory
3	MFSA2015-88	https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
Mozilla Foundation セキュリティアドバイザリ
4	MFSA2015-88	http://www.mozilla-japan.org/security/announce/2015/mfsa2015-88.html
Oracle Technology Network
5	Oracle Solaris Third Party Bulletin - October 2015	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Red Hat Bugzilla
6	Bug 1252290	https://bugzilla.redhat.com/show_bug.cgi?id=1252290

Change Log

No	Changed Details	Date of change
0	[2015年08月19日] 掲載 [2015年12月22日] ベンダ情報：オラクル (Oracle Solaris Third Party Bulletin - October 2015) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-4491

Summary	Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
Publication Date	Aug. 16, 2015, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:51 p.m.
Last Update	Nov. 21, 2024, 11:31 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnome:gdk-pixbuf::::::::			2.31.4
execution environment
1	cpe:2.3:a:google:chrome:-:::::::*
2	cpe:2.3:a:mozilla:firefox::::::::
3	cpe:2.3:a:mozilla:firefox:38.0:::::::*
4	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
5	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
6	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
7	cpe:2.3:o:linux:linux_kernel::::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:oracle:solaris:11.3:::::::*
cpe:2.3:o:oracle:solaris:10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:22:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:fedoraproject:fedora:21:::::::*
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html	Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html	Third Party Advisory
3	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
4	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html	Third Party Advisory
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html	Third Party Advisory
7	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
8	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
9	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
14	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
15	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
16	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
17	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
18	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
19	http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
20	http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
21	http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
22	http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
23	http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
24	http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
25	http://rhn.redhat.com/errata/RHSA-2015-1586.html
26	http://rhn.redhat.com/errata/RHSA-2015-1586.html
27	http://rhn.redhat.com/errata/RHSA-2015-1682.html
28	http://rhn.redhat.com/errata/RHSA-2015-1682.html
29	http://rhn.redhat.com/errata/RHSA-2015-1694.html
30	http://rhn.redhat.com/errata/RHSA-2015-1694.html
31	http://www.debian.org/security/2015/dsa-3337
32	http://www.debian.org/security/2015/dsa-3337
33	http://www.mozilla.org/security/announce/2015/mfsa2015-88.html	Vendor Advisory
34	http://www.mozilla.org/security/announce/2015/mfsa2015-88.html	Vendor Advisory
35	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
36	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
37	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
38	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
39	http://www.securitytracker.com/id/1033247
40	http://www.securitytracker.com/id/1033247
41	http://www.securitytracker.com/id/1033372
42	http://www.securitytracker.com/id/1033372
43	http://www.ubuntu.com/usn/USN-2702-1	Third Party Advisory
44	http://www.ubuntu.com/usn/USN-2702-1	Third Party Advisory
45	http://www.ubuntu.com/usn/USN-2702-2	Third Party Advisory
46	http://www.ubuntu.com/usn/USN-2702-2	Third Party Advisory
47	http://www.ubuntu.com/usn/USN-2702-3
48	http://www.ubuntu.com/usn/USN-2702-3
49	http://www.ubuntu.com/usn/USN-2712-1
50	http://www.ubuntu.com/usn/USN-2712-1
51	http://www.ubuntu.com/usn/USN-2722-1
52	http://www.ubuntu.com/usn/USN-2722-1
53	https://bugzilla.gnome.org/show_bug.cgi?id=752297	Issue Tracking
54	https://bugzilla.gnome.org/show_bug.cgi?id=752297	Issue Tracking
55	https://bugzilla.mozilla.org/show_bug.cgi?id=1184009	Issue Tracking
56	https://bugzilla.mozilla.org/show_bug.cgi?id=1184009	Issue Tracking
57	https://bugzilla.redhat.com/show_bug.cgi?id=1252290	Issue Tracking
58	https://bugzilla.redhat.com/show_bug.cgi?id=1252290	Issue Tracking
59	https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
60	https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
61	https://security.gentoo.org/glsa/201512-05
62	https://security.gentoo.org/glsa/201512-05
63	https://security.gentoo.org/glsa/201605-06
64	https://security.gentoo.org/glsa/201605-06

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnome:gdk-pixbuf::::::::			2.31.4
execution environment
1	cpe:2.3:a:google:chrome:-:::::::*
2	cpe:2.3:a:mozilla:firefox::::::::
3	cpe:2.3:a:mozilla:firefox:38.0:::::::*
4	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
5	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
6	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
7	cpe:2.3:o:linux:linux_kernel::::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:22:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:fedoraproject:fedora:21:::::::*
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*