Mozilla Foundation Security Advisory 2015-88

Heap overflow in gdk-pixbuf when scaling bitmap images

Announced
August 11, 2015
Reporter
Gustavo Grieco
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 40
  • Firefox ESR 38.2
  • SeaMonkey 2.35
  • Thunderbird 38.2

Description

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf affecting Linux systems using Gnome. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash.

This issue only affects Linux systems running Gnome. Windows and OS X operating systems are unaffected.

References