Headline
Ubuntu Security Notice USN-5607-1
Ubuntu Security Notice 5607-1 - It was discovered that GDK-PixBuf incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
=========================================================================
Ubuntu Security Notice USN-5607-1
September 13, 2022
gdk-pixbuf vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
GDK-PixBuf could be made do execute arbitrary code or
crash if it received a specially crafted image.
Software Description:
- gdk-pixbuf: GDK Pixbuf library
Details:
It was discovered that GDK-PixBuf incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.1
Ubuntu 20.04 LTS:
libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.4
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5607-1
CVE-2021-44648
Package Information:
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.42.8+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.40.0+dfsg-3ubuntu0.4
Related news
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44648: A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwriting in the lzw_decoder_new function, leading to a heap buffer overflow. This flaw allows an attacker to input a specially crafted GIF file, leading to a crash or code execution. * CVE-2021-46829: A heap-based buffer overflow vulnerability was found in GNOME GdkP...
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.