Описание
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
A heap-based buffer overflow vulnerability was found in GNOME GdkPixbuf (aka GDK-PixBuf) when compositing or clearing frames in GIF files. The vulnerability exists due to a boundary error when processing GIF images. This flaw allows an attacker to create a specially crafted GIF image, trick the victim into opening it, triggering an out-of-bounds write, which allows executing arbitrary code on the target system or causing a potential crash.
Отчет
Red Hat Enterprise Linux - 6, 7, and 8 are not affected because there is no presence of vulnerable function/code in our code-base.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gdk-pixbuf2 | Not affected | ||
| Red Hat Enterprise Linux 7 | gdk-pixbuf2 | Not affected | ||
| Red Hat Enterprise Linux 8 | gdk-pixbuf2 | Not affected | ||
| Red Hat Enterprise Linux 9 | gdk-pixbuf2 | Fixed | RHSA-2023:2216 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...
EPSS
7.8 High
CVSS3