RHSA-2023:2216: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44648: A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwriting in the lzw_decoder_new function, leading to a heap buffer overflow. This flaw allows an attacker to input a specially crafted GIF file, leading to a crash or code execution.
  • CVE-2021-46829: A heap-based buffer overflow vulnerability was found in GNOME GdkPixbuf (aka GDK-PixBuf) when compositing or clearing frames in GIF files. The vulnerability exists due to a boundary error when processing GIF images. An attacker who creates a specially crafted GIF image and tricks the victim into opening it can trigger an out-of-bounds write, which allows executing arbitrary code on the target system or causing a crash.
Red Hat Security Data

Issued: 2023-05-09

Updated: 2023-05-09

RHSA-2023:2216 - Security Advisory

Synopsis

Moderate: gdk-pixbuf2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.

Security Fix(es):

  • gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data (CVE-2021-44648)
  • gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files (CVE-2021-46829)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2043722 - CVE-2021-44648 gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
  • BZ - 2114940 - CVE-2021-46829 gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

gdk-pixbuf2-2.42.6-3.el9.src.rpm

SHA-256: b2d1507f5dddcd2220fe03c5747b2789bbf4f62e8c487d1f1542c733b2d1930c

x86_64

gdk-pixbuf2-2.42.6-3.el9.i686.rpm

SHA-256: 4f565113067561e5112fd5e40b7e012f53a8ba4072d7c0f07e1009f4e8b5d72b

gdk-pixbuf2-2.42.6-3.el9.x86_64.rpm

SHA-256: d2cdfd0beb1b3a428f6816d88e20cab265b11f204658845a9f8be0d5710033f0

gdk-pixbuf2-debuginfo-2.42.6-3.el9.i686.rpm

SHA-256: 868444da334ed05973d1287a9707196ab72081e9102ac539f97ba51c82b9b785

gdk-pixbuf2-debuginfo-2.42.6-3.el9.x86_64.rpm

SHA-256: 35c2951761e783e92ea2bd69ad09d1711cbeab03308de119ce70275949c0565f

gdk-pixbuf2-debugsource-2.42.6-3.el9.i686.rpm

SHA-256: ee3a61f98ec28ebd34642478a563ec6d641d28224aba7b720a13387bb2015118

gdk-pixbuf2-debugsource-2.42.6-3.el9.x86_64.rpm

SHA-256: e506b10faf7e7f4d25dd11db851a08f3fb6ab41ae1ec29cf4198e01f6519f27b

gdk-pixbuf2-devel-2.42.6-3.el9.i686.rpm

SHA-256: f732a531b8a322cf518ff64815747360da8c22833121ae86dea795b9d3d5ee5a

gdk-pixbuf2-devel-2.42.6-3.el9.x86_64.rpm

SHA-256: 1d51d134724ec0d02c48d9b9382846236bde5c1890deac78b7fea1c0df74b7f6

gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9.i686.rpm

SHA-256: 23910f9d9096a277c25eb3f68c14555c97fac1d3ed0d7076fb6b0358aa2d0761

gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9.x86_64.rpm

SHA-256: c3014bb427414714cc24ffc6b38eddf520ccf9c89740c08a9eb324520f8c9ca6

gdk-pixbuf2-modules-2.42.6-3.el9.i686.rpm

SHA-256: e88dff1664ec71f15fe3148d0c60f5eb83dd5c5aa4e220e8ce9ea376a442e566

gdk-pixbuf2-modules-2.42.6-3.el9.x86_64.rpm

SHA-256: f76942f8fc004ee56dc53ac9c7b37a618de31bbe0d3a13d5c93a1fd49e1457b3

gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9.i686.rpm

SHA-256: f98726e10c006dacf3de8a4d306d38df305c6d4d25bad9b3b06660465f0f219c

gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9.x86_64.rpm

SHA-256: b2e0d51753a26d4a0ad0a0527a23430d57c045dfd180715a5befb509ab162716

gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9.i686.rpm

SHA-256: 73cdd9203a38aa3f270d4f6c1ae65c7291db6eb821327dd8420d60d45d713fc8

gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9.x86_64.rpm

SHA-256: b203a09accc1e5adc28f99bf4a892bd5027c3bfde476c2f8ad4d00266f235fa7

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

gdk-pixbuf2-2.42.6-3.el9.src.rpm

SHA-256: b2d1507f5dddcd2220fe03c5747b2789bbf4f62e8c487d1f1542c733b2d1930c

s390x

gdk-pixbuf2-2.42.6-3.el9.s390x.rpm

SHA-256: a57df45cd88dd98334a6873beea7b81d31e0aba880842fe1dd94e7b03760f32e

gdk-pixbuf2-debuginfo-2.42.6-3.el9.s390x.rpm

SHA-256: 3a8ef950a78fd9ccec90c8334ee137c6c5fc0d470941e2d946d15873af111ab9

gdk-pixbuf2-debugsource-2.42.6-3.el9.s390x.rpm

SHA-256: af66db72d5269b3bbd79655ed08ec8d53c92311f03d6b795e0d86d17b6dfbb60

gdk-pixbuf2-devel-2.42.6-3.el9.s390x.rpm

SHA-256: 95485696dd19cdfaa5a271684ee844d9eab6f0cdb5e657302738dc1a25172bb4

gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9.s390x.rpm

SHA-256: 2c30117c74fa33a698bf0696168172343f6138f2b263eb38c98ea25ca74b03b9

gdk-pixbuf2-modules-2.42.6-3.el9.s390x.rpm

SHA-256: 570bd5a54787e850e1a455f3fdf230c73031424d1bb3f49157dff2de9c9b5f69

gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9.s390x.rpm

SHA-256: 9ab5bc4d2e493d3183c4ea504404d5ce3f08378e074951917a67ea1d19a676c5

gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9.s390x.rpm

SHA-256: 78bf2255619cbee3932e539ac33315954ecf35ff32de7d5215427315f16fd49e

Red Hat Enterprise Linux for Power, little endian 9

SRPM

gdk-pixbuf2-2.42.6-3.el9.src.rpm

SHA-256: b2d1507f5dddcd2220fe03c5747b2789bbf4f62e8c487d1f1542c733b2d1930c

ppc64le

gdk-pixbuf2-2.42.6-3.el9.ppc64le.rpm

SHA-256: 017ec336df39d20d2fa0f96ba55a5114185a85c4f3936580f4e8526839e52cb2

gdk-pixbuf2-debuginfo-2.42.6-3.el9.ppc64le.rpm

SHA-256: 18aea7496cdfb8f8c664c01a4f9bf4657d989e41526062ef4aab053d75e77403

gdk-pixbuf2-debugsource-2.42.6-3.el9.ppc64le.rpm

SHA-256: 18f40ea851d02d6c8386fd03dd310561e8f59cc6443700b539f477110985f22f

gdk-pixbuf2-devel-2.42.6-3.el9.ppc64le.rpm

SHA-256: 24e30a83e74b171900b7b686a43ee6b0ee079d16e9f5b893b5b6a029befbfeaa

gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9.ppc64le.rpm

SHA-256: 6c40ab318688f6032e32f458c1fe30322b37e50c78852260b8b53084d8f4148e

gdk-pixbuf2-modules-2.42.6-3.el9.ppc64le.rpm

SHA-256: 9bc2441856a5b3fd950eaadb8b8ac2ebd9cb3838d9f4340f4d030e00468e8670

gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9.ppc64le.rpm

SHA-256: 0c93d0cfff11fb78b033f3f08c6cacbf6158643040ee5b311941a1bf7366db69

gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9.ppc64le.rpm

SHA-256: 2e5f20769ebef0fbd143c7522becc1521cf4718bf3dfe01ea0d4c322859e305c

Red Hat Enterprise Linux for ARM 64 9

SRPM

gdk-pixbuf2-2.42.6-3.el9.src.rpm

SHA-256: b2d1507f5dddcd2220fe03c5747b2789bbf4f62e8c487d1f1542c733b2d1930c

aarch64

gdk-pixbuf2-2.42.6-3.el9.aarch64.rpm

SHA-256: a381459427ac1c9fb8b1b6727a9db6ab7712a320e248a87567553dca09901e2e

gdk-pixbuf2-debuginfo-2.42.6-3.el9.aarch64.rpm

SHA-256: 6de2dec28d696a0640603c0333a59f7b6ed5c7ca8e8d3fd2c71e3a04067a4952

gdk-pixbuf2-debugsource-2.42.6-3.el9.aarch64.rpm

SHA-256: 9955a5abd021ec14f74ad2df785efb3e57200e5fbb7d95479ab7c5f5fe2c5ff2

gdk-pixbuf2-devel-2.42.6-3.el9.aarch64.rpm

SHA-256: a08993f4c2801c65629d039d6d8dc333ae819c9e9f2f2a424a46b65f77fd2806

gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9.aarch64.rpm

SHA-256: 827cc32bbdb02db60e95d7f959db2d80f566dcea2e69a651acf7a124d9db5833

gdk-pixbuf2-modules-2.42.6-3.el9.aarch64.rpm

SHA-256: ed3fc5f61609492a6332d4c01059369bc7017eb5f8c5ca41851a326cb97f3c97

gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9.aarch64.rpm

SHA-256: dfcf54927133319470aafc0180be672b7b70321cad40210b500d76a8a00d10e8

gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9.aarch64.rpm

SHA-256: bf5a2bc2acf35acebf92646bc0eeecff30d72c909e8d0ba9fc9ad7818ebdfebc
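Two checks a defender would run against this advisory, as an added example rather than Red Hat's tooling or the gdk-pixbuf project's code: whether an installed gdk-pixbuf2 version-release is older than the fixed build 2.42.6-3.el9 (using a port of rpm's version-comparison rules, since a plain string comparison gets cases like 1.10 vs 1.9 wrong), and whether a downloaded RPM's SHA-256 matches the digest published above. The embedded digests are the advisory's own (the SRPM and two x86_64 packages); the file written by the demo is a constructed placeholder, so the check correctly reports a mismatch, exactly as it would for a tampered or truncated download. On a real host the installed value would come from `rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' gdk-pixbuf2`.

```python
"""Check installed versions and downloaded packages against RHSA-2023:2216.

Added example, not Red Hat tooling. Requires only the standard library.
"""
import hashlib
import hmac
import os
import re

# Fixed build named in the advisory (version-release, no epoch).
FIXED_EVR = "2.42.6-3.el9"

# Subset of the digests published in the advisory (SRPM and x86_64 packages).
ADVISORY_SHA256 = {
    "gdk-pixbuf2-2.42.6-3.el9.src.rpm":
        "b2d1507f5dddcd2220fe03c5747b2789bbf4f62e8c487d1f1542c733b2d1930c",
    "gdk-pixbuf2-2.42.6-3.el9.x86_64.rpm":
        "d2cdfd0beb1b3a428f6816d88e20cab265b11f204658845a9f8be0d5710033f0",
    "gdk-pixbuf2-modules-2.42.6-3.el9.x86_64.rpm":
        "f76942f8fc004ee56dc53ac9c7b37a618de31bbe0d3a13d5c93a1fd49e1457b3",
}


def _seg_char(c: str) -> bool:
    """Characters that form version segments; everything else is a separator."""
    return c.isascii() and (c.isalnum() or c == "~")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): returns -1, 0 or 1 like strcmp.

    Segments are runs of digits or runs of letters. Numeric segments compare
    by value and always rank above alphabetic ones; '~' sorts before anything,
    even the end of the string (pre-releases). The '^' marker is not handled.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _seg_char(a[i]):
            i += 1
        while j < len(b) and not _seg_char(b[j]):
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pattern = r"\d+" if numeric else r"[A-Za-z]+"
        ma = re.match(pattern, a[i:])
        mb = re.match(pattern, b[j:])
        if mb is None:  # one side numeric, the other alphabetic
            return 1 if numeric else -1
        sa, sb = ma.group(0), mb.group(0)
        i += len(sa)
        j += len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0  # identical segments, only separators differed
    return -1 if i >= len(a) else 1  # the side with segments left is newer


def split_evr(evr: str):
    """'[epoch:]version-release' -> (epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.rpartition("-") if "-" in evr else (evr, "", "")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def needs_update(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed build is older than the advisory's fixed build."""
    return evr_cmp(installed_evr, fixed_evr) < 0


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_rpm(path: str, expected_sha256: str) -> bool:
    """Constant-time comparison of a file digest with the published one."""
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def check_download(path: str) -> str:
    """Classify a downloaded RPM by file name: ok, mismatch or not-in-advisory."""
    expected = ADVISORY_SHA256.get(os.path.basename(path))
    if expected is None:
        return "not-in-advisory"
    return "ok" if verify_rpm(path, expected) else "mismatch"


if __name__ == "__main__":
    import tempfile
    for evr in ("2.42.6-2.el9", "2.42.6-3.el9", "1:2.42.5-1.el9"):
        print(f"installed {evr}: {'UPDATE NEEDED' if needs_update(evr) else 'fixed'}")
    # Constructed placeholder file: its digest cannot match the advisory.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "gdk-pixbuf2-2.42.6-3.el9.x86_64.rpm")
        with open(p, "wb") as f:
            f.write(b"constructed placeholder, not a real rpm")
        print(os.path.basename(p), check_download(p))
```

The epoch check matters because an `rpm -q` output such as `1:2.42.5-1.el9` would look older than the fixed build on a naive version comparison but is not, and the `~` handling keeps a pre-release build like `3.el9~bootstrap` ranked below `3.el9`, so both the false "already fixed" and the false "needs update" outcomes are avoided. The digest check uses `hmac.compare_digest` purely as a habit for comparing secrets and hashes; for published package digests a plain equality would be equally correct.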

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-5607-1

Ubuntu Security Notice 5607-1 - It was discovered that GDK-PixBuf incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Ubuntu Security Notice USN-5554-1

Ubuntu Security Notice 5554-1 - Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2021-46829: Release GdkPixbuf 2.42.8 (stable) (bca00032) · Commits · GNOME / gdk-pixbuf · GitLab

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

CVE-2021-44648: (CVE-2021-44648) GdkPixbuf Heap Buffer Overflow in lzw_decoder_new (#136) · Issues · GNOME / gdk-pixbuf · GitLab

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow when decoding the LZW-compressed stream of image data in GIF files whose LZW minimum code size is equal to 12.