Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-48622

Опубликовано: 26 янв. 2024
Источник: debian
EPSS Низкий

Описание

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gdk-pixbuffixed2.42.12+dfsg-1package
gdk-pixbuffixed2.42.10+dfsg-1+deb12u1bookwormpackage
gdk-pixbuffixed2.42.2+dfsg-1+deb11u2bullseyepackage
gdk-pixbufpostponedbusterpackage

Примечания

  • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202

  • Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/00c071dd11f723ca608608eef45cb1aa98da89cc (2.42.12)

  • Further improvements/hardenings:

  • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/d52134373594ff76614fb415125b0d1c723ddd56 (2.42.12)

  • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/91b8aa5cd8a0eea28acb51f0e121827ca2e7eb78 (2.42.12)

EPSS

Процентиль: 24%
0.00077
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-48622

CVSS3: 7.8
ubuntu
больше 1 года назад

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

redhat логотип

CVE-2022-48622

CVSS3: 7.3
redhat
больше 1 года назад

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

nvd логотип

CVE-2022-48622

CVSS3: 7.8
nvd
больше 1 года назад

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

msrc логотип

CVE-2022-48622

CVSS3: 7.8
msrc
8 месяцев назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2024:2077-1

suse-cvrf
около 1 года назад

Security update for gdk-pixbuf

EPSS

Процентиль: 24%
0.00077
Низкий