{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-20T20:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"}, {"name": "USN-3912-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3912-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.gnome.org/show_bug.cgi?id=785979", "refsource": "MISC", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"}, {"name": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome", "refsource": "MISC", "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"}, {"name": "USN-3912-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3912-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:36:56.357Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"}, {"name": "USN-3912-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3912-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12447", "datePublished": "2019-03-07T22:00:00", "dateReserved": "2017-08-04T00:00:00", "dateUpdated": "2024-08-05T18:36:56.357Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gdk-pixbuf:2.32.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFF219B3-9A08-4AFA-B301-60313C09373C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:nautilus:3.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD268F74-2C19-4514-976C-672723F8D4E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."}, {"lang": "es", "value": "GdkPixBuf (tambi\u00e9n conocido como gdk-pixbuf), posiblemente en la versi\u00f3n 2.32.2, tal y como se utiliza en GNOME Nautilus 3.14.3 en Ubuntu 16.04 permite a los atacantes provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de pila) o, posiblemente, otro impacto sin especificar mediante una carpeta de archivos manipulada."}], "id": "CVE-2017-12447", "lastModified": "2024-11-21T03:09:30.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-07T23:29:00.377", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3912-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=785979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3912-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gdk-pixbuf: heap-based overflow caused by invalid palette size", "id": "1686828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686828"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder."], "name": "CVE-2017-12447", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gdk-pixbuf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gdk-pixbuf2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gdk-pixbuf2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gdk-pixbuf2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mingw-gdk-pixbuf", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2017-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12447\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12447"], "statement": "This issue did not affect the versions of gdk-pixbuf2 as shipped with Red Hat Enterprise Linux 6 and 7.\nThis issue affects the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5. \nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}