ALT-PU-2024-7004-1
Package libgdk-pixbuf updated to version 2.42.11-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-00075
Уязвимость функции composite_frame() библиотеки загрузки изображений GdkPixbuf, позволяющая нарушителю выполнить произвольный код
BDU:2023-01698
Уязвимость библиотеки загрузки изображений GdkPixbuf, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
- FEDORA-2022-a16e5d72fc
- FEDORA-2022-a16e5d72fc
- FEDORA-2022-725db8230b
- FEDORA-2022-725db8230b
- https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
- https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
- DSA-5228
- DSA-5228
Modified: 2024-11-21
CVE-2021-46829
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
- [oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf
- [oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf
- https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md
- https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121
- FEDORA-2022-7254ec5e96
- FEDORA-2022-7254ec5e96
- DSA-5228
- DSA-5228
- https://www.openwall.com/lists/oss-security/2022/07/23/1
- https://www.openwall.com/lists/oss-security/2022/07/23/1
Modified: 2024-11-21
CVE-2022-48622
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.