news 28 Posted February 27, 2016 Package : gtk+2.0 Version : 2.20.1-2+deb6u2 CVE ID : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674 Gustavo Grieco discovered different security issues in Gtk+2.0's gdk-pixbuf. CVE-2015-4491 Heap overflow when processing BMP images which may allow to execute of arbitrary code via malformed images. CVE-2015-7673 Heap overflow when processing TGA images which may allow execute arbitrary code or denial of service (process crash) via malformed images. CVE-2015-7674 Integer overflow when processing GIF images which may allow to execute arbitrary code or denial of service (process crash) via malformed image. For Debian 6 "Squeeze", these issues have been fixed in gtk+2.0 version 2.20.1-2+deb6u2. We recommend you to upgrade your gtk+2.0 packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ Share this post Link to post