CVE-2021-46829 – gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files
https://notcve.org/view.php?id=CVE-2021-46829
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. GdkPixbuf de GNOME (también se conoce como GDK-PixBuf) versiones anteriores a 2.42.8, permite un desbordamiento del búfer en la región heap de la memoria cuando son compuestos o borran fotogramas en archivos GIF, como es demostrado por el archivo io-gif-animation.c composite_frame. Este desbordamiento es controlable y podría ser abusado para la ejecución de código, especialmente en sistemas de 32 bits A heap-based buffer overflow vulnerability was found in GNOME GdkPixbuf (aka GDK-PixBuf) when compositing or clearing frames in GIF files. The vulnerability exists due to a boundary error when processing GIF images. • http://www.openwall.com/lists/oss-security/2022/07/25/1 https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121 https://lists.fedoraproject.org/archives/list/ • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2021-20240
https://notcve.org/view.php?id=CVE-2021-20240
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en gdk-pixbuf en versiones anteriores a 2.42.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1926787 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2020-29385
https://notcve.org/view.php?id=CVE-2020-29385
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. GNOME gdk-pixbuf (también se conoce como GdkPixbuf) versiones anteriores a 2.42.2, permite una denegación de servicio (bucle infinito) en el archivo lzw.c en la función write_indexes. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2011-2897
https://notcve.org/view.php?id=CVE-2011-2897
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw gdk-pixbuf versiones hasta 2.31.1, presenta un desbordamiento de búfer del cargador GIF cuando se inicializan las tablas de descompresión debido a un fallo de comprobación de entrada • https://access.redhat.com/security/cve/cve-2011-2897 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897 https://security-tracker.debian.org/tracker/CVE-2011-2897 • CWE-20: Improper Input Validation •
CVE-2017-12447
https://notcve.org/view.php?id=CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. GdkPixBuf (también conocido como gdk-pixbuf), posiblemente en la versión 2.32.2, tal y como se utiliza en GNOME Nautilus 3.14.3 en Ubuntu 16.04 permite a los atacantes provocar una denegación de servicio (corrupción de pila) o, posiblemente, otro impacto sin especificar mediante una carpeta de archivos manipulada. • https://bugzilla.gnome.org/show_bug.cgi?id=785979 https://github.com/hackerlib/hackerlib-vul/tree/master/gnome https://usn.ubuntu.com/3912-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •