CVE-2017-2870 in GNOME and Debian Products
Published on September 5, 2017
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Products Associated with CVE-2017-2870
GNOME Gdk Pixbuf and Debian Linux.
Affected Versions
GNOME Gdk-Pixbuf version 2.36.6 (commit aba8d88798dfc2f3856ea0ddda14b06174bbb2bc, compiled with clang -O3 flag, libtiff 4.0.6) is affected by CVE-2017-2870.
Exploit Probability
EPSS: 3.13%
Percentile: 86.76%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.