{"containers": {"cna": {"affected": [{"product": "pixman", "vendor": "The pixman Project", "versions": [{"status": "affected", "version": "0.32.8"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-31T22:03:56", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5297", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pixman", "version": {"version_data": [{"version_value": "0.32.8"}]}}]}, "vendor_name": "The pixman Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."}]}, "impact": {"cvss": [[{"vectorString": "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"}, {"name": "https://bugs.freedesktop.org/show_bug.cgi?id=92027", "refsource": "MISC", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5297", "datePublished": "2019-07-31T22:03:56", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:09.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixman:pixman:*:*:*:*:*:*:*:*", "matchCriteriaId": "7124C594-BC86-4D52-AD0F-65FA8FCAD4C7", "versionEndExcluding": "0.32.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."}, {"lang": "es", "value": "Un fallo de desbordamiento de entero ha sido informado en el general_composite_rect() function en pixman anterior a la versi\u00f3n 0.32.8 un atacante podr\u00eda explotar este problema para causar una aplicaci\u00f3n usando pixman para bloquear o potencialmente, ejecutar un c\u00f3digo arbitrario."}], "id": "CVE-2015-5297", "lastModified": "2019-10-09T23:14:34.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-07-31T23:15:10.653", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "pixman: general_composite_rect() integer overflow", "id": "1651585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651585"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.", "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."], "name": "CVE-2015-5297", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "pixman", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pixman", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pixman", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5297\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5297\nhttps://bugs.freedesktop.org/show_bug.cgi?id=92027"], "threat_severity": "Moderate", "upstream_fix": "pixman 0.32.8"}