CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2021-46829 – gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files
https://notcve.org/view.php?id=CVE-2021-46829
24 Jul 2022 — GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. GdkPixbuf de GNOME (también se conoce como GDK-PixBuf) versiones anteriores a 2.42.8, permite un desbordamiento del búfer en la región heap de la memoria cuando son compuestos o borran fotogramas en archivos GIF, como es dem... • http://www.openwall.com/lists/oss-security/2022/07/25/1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20240 – Ubuntu Security Notice USN-4743-1
https://notcve.org/view.php?id=CVE-2021-20240
22 Feb 2021 — A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en gdk-pixbuf en versiones anteriores a 2.42.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1926787 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-29385 – Gentoo Linux Security Advisory 202012-15
https://notcve.org/view.php?id=CVE-2020-29385
09 Dec 2020 — GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. GNOME g... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2011-2897
https://notcve.org/view.php?id=CVE-2011-2897
12 Nov 2019 — gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw gdk-pixbuf versiones hasta 2.31.1, presenta un desbordamiento de búfer del cargador GIF cuando se inicializan las tablas de descompresión debido a un fallo de comprobación de entrada • https://access.redhat.com/security/cve/cve-2011-2897 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2017-12447 – Ubuntu Security Notice USN-3912-1
https://notcve.org/view.php?id=CVE-2017-12447
07 Mar 2019 — GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. GdkPixBuf (también conocido como gdk-pixbuf), posiblemente en la versión 2.32.2, tal y como se utiliza en GNOME Nautilus 3.14.3 en Ubuntu 16.04 permite a los atacantes provocar una denegación de servicio (corrupción de pila) o, posiblemente, otro impacto sin especificar mediante una... • https://bugzilla.gnome.org/show_bug.cgi?id=785979 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1000422 – Debian Security Advisory 4088-1
https://notcve.org/view.php?id=CVE-2017-1000422
02 Jan 2018 — Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution Gnome gdk-pixbuf 2.36.8 y anteriores es vulnerable a varios desbordamientos de enteros en la función gif_get_lzw. Esto resulta en la corrupción de memoria y la potencial ejecución de código. It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubun... • https://bugzilla.gnome.org/show_bug.cgi?id=785973 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2017-2862 – gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function
https://notcve.org/view.php?id=CVE-2017-2862
05 Sep 2017 — An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de montículos en la funcionalidad gdk_pixbuf__jpeg_image_load_increment de Gdk-Pixbuf 2.36.6. Un archivo jpeg especialmente manipulado puede provocar un desbordamiento ... • http://www.debian.org/security/2017/dsa-3978 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-2870 – Ubuntu Security Notice USN-3418-1
https://notcve.org/view.php?id=CVE-2017-2870
05 Sep 2017 — An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de enteros en la funcionalidad tiff_image_parse de Gdk-Pixbuf 2.36.6 cuando se compila con Clang. Un archivo tiff especialmente manipulado puede provocar un de... • http://www.securityfocus.com/bid/100541 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2017-6311 – Ubuntu Security Notice USN-3418-1
https://notcve.org/view.php?id=CVE-2017-6311
10 Mar 2017 — gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. gdk-pixbuf-thumbnailer.c en gdk-pixbuf permite a atacantes dependientes de contexto provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores relacionados con la impresión de un mensaje de error. It was discovered that the GDK-PixBuf library did not properly ha... • http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 3CVE-2017-6314 – Gentoo Linux Security Advisory 201709-08
https://notcve.org/view.php?id=CVE-2017-6314
10 Mar 2017 — The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. La función make_available_at_least en io-tiff.c en gdk-pixbuf permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito) a través de un archivo TIFF grande. It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affec... • http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •