CVE-2017-6311

Published: Mar 10, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

Affected (3)

Products: Gnome: Gdk Pixbuf · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Gdk Pixbuf	Before 2.36.8

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (16)

http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/21/4

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/26/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/96779

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.gnome.org/show_bug.cgi?id=778204

Source: cve@mitre.org

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/

Source: cve@mitre.org

https://security.gentoo.org/glsa/201709-08

Source: cve@mitre.org

Third Party Advisory

http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html