Headline
Ubuntu Security Notice USN-5554-1
Ubuntu Security Notice 5554-1 - Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5554-1August 08, 2022gdk-pixbuf vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:GDK-PixBuf could be made to crash or run programs as your login if itopened a specially crafted file.Software Description:- gdk-pixbuf: GDK Pixbuf libraryDetails:Pedro Ribeiro discovered that the GDK-PixBuf library did not properlyhandle certain GIF images. If an user or automated system were tricked intoopening a specially crafted GIF file, a remote attacker could use this flawto cause GDK-PixBuf to crash, resulting in a denial of service, or possiblyexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.3After a standard system update you need to restart your session to make allthe necessary changes.References: https://ubuntu.com/security/notices/USN-5554-1 CVE-2021-46829Package Information: https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.40.0+dfsg-3ubuntu0.3Related news
An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44648: A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwriting in the lzw_decoder_new function, leading to a heap buffer overflow. This flaw allows an attacker to input a specially crafted GIF file, leading to a crash or code execution. * CVE-2021-46829: A heap-based buffer overflow vulnerability was found in GNOME GdkP...
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.