Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46829: Release GdkPixbuf 2.42.8 (stable) (bca00032) · Commits · GNOME / gdk-pixbuf · GitLab

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

CVE
Open in Source
#git#buffer_overflow#auth

Commit bca00032 authored Mar 18, 2022 by 👣

Browse files

Release GdkPixbuf 2.42.8 (stable)

Pipeline #378479 passed with stages

in 9 minutes and 43 seconds

  • Changes 2
  • Pipelines 1

2.42.8 (stable)

===

- Clear the pixbuf’s memory buffer to avoid returning uninitialized memory [#199]

- Turn GdkPixbufModule functions into typed callbacks [!123]

- tiff: Use non-deprecated C99 integer types [!124]

- gif: Check for overflow when compositing or clearing frames [#190]

- Change png/jpeg/tiff build options from boolean to feature [!118]

- jpeg: Do not rely on UB around setjmp/longjmp [#143]

- Build fixes [!114, #185, #182]

- Documentation fixes [!120, !125]

- Translation updates

2.42.6 (stable)

===

project('gdk-pixbuf’, 'c’,

version: '2.42.7’,

version: '2.42.8’,

license: 'LGPL-2.1-or-later’,

default_options: [

'buildtype=debugoptimized’,

Related news

RHSA-2023:2216: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44648: A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwriting in the lzw_decoder_new function, leading to a heap buffer overflow. This flaw allows an attacker to input a specially crafted GIF file, leading to a crash or code execution. * CVE-2021-46829: A heap-based buffer overflow vulnerability was found in GNOME GdkP...

Ubuntu Security Notice USN-5554-1

Ubuntu Security Notice 5554-1 - Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE