CVE-2015-7217

Description

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

References

Link	Tags
https://security.gentoo.org/glsa/201512-10	vendor advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html	vendor advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html	vendor advisory
http://www.ubuntu.com/usn/USN-2833-1	vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1203078
http://www.mozilla.org/security/announce/2015/mfsa2015-143.html	vendor advisory
http://www.securityfocus.com/bid/79278	vdb entry
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html	vendor advisory
http://www.securitytracker.com/id/1034426	vdb entry

Frequently Asked Questions

What is the severity of CVE-2015-7217?: CVE-2015-7217 has been scored as a medium severity vulnerability.
How to fix CVE-2015-7217?: To fix CVE-2015-7217, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2015-7217 being actively exploited in the wild?: It is possible that CVE-2015-7217 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions