GNOME GDK-PixBuf 2.34.0

CPE Details

GNOME GDK-PixBuf 2.34.0
gnome
gdk-pixbuf
2.34.0
2020-08-03
11h44 +00:00
2020-08-03
11h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:gdk-pixbuf:2.34.0:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

gdk-pixbuf

Version

2.34.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46829 2022-07-24 16h47 +00:00 GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
7.8
High
CVE-2021-20240 2021-05-28 08h42 +00:00 A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.8
High
CVE-2020-29385 2020-12-26 01h01 +00:00 GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
5.5
Medium
CVE-2017-1000422 2018-01-02 19h00 +00:00 Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
8.8
High
CVE-2017-6311 2017-03-10 01h00 +00:00 gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
7.5
High
CVE-2017-6312 2017-03-10 01h00 +00:00 Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
5.5
Medium
CVE-2017-6313 2017-03-10 01h00 +00:00 Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
7.1
High
CVE-2017-6314 2017-03-10 01h00 +00:00 The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
5.5
Medium
CVE-2016-6352 2016-10-03 16h00 +00:00 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
7.5
High