
CVE-2022-48622 – gnome: heap memory corruption on gdk-pixbuf
https://notcve.org/view.php?id=CVE-2022-48622
26 Jan 2024 — In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202 • CWE-787: Out-of-bounds Write •

CVE-2021-44648 – gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
https://notcve.org/view.php?id=CVE-2021-44648
12 Jan 2022 — GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12. A flaw was found in gdk-pixbuf. The vulnerability occurs due to the index overwri... • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2005-2975
https://notcve.org/view.php?id=CVE-2005-2975
18 Nov 2005 — io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. • http://secunia.com/advisories/17522 • CWE-399: Resource Management Errors •

CVE-2005-2976
https://notcve.org/view.php?id=CVE-2005-2976
18 Nov 2005 — Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. • http://secunia.com/advisories/17522 • CWE-190: Integer Overflow or Wraparound •

CVE-2005-3186
https://notcve.org/view.php?id=CVE-2005-3186
18 Nov 2005 — Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt •

CVE-2004-0782
https://notcve.org/view.php?id=CVE-2004-0782
17 Sep 2004 — Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 •

CVE-2004-0753
https://notcve.org/view.php?id=CVE-2004-0753
17 Sep 2004 — The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2004-0783
https://notcve.org/view.php?id=CVE-2004-0783
17 Sep 2004 — Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 • CWE-787: Out-of-bounds Write •

CVE-2004-0788
https://notcve.org/view.php?id=CVE-2004-0788
17 Sep 2004 — Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875 • CWE-190: Integer Overflow or Wraparound •

CVE-2004-0111
https://notcve.org/view.php?id=CVE-2004-0111
15 Apr 2004 — gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. • http://www.debian.org/security/2004/dsa-464 •