Description
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.
A flaw was found in GNOME's GdkPixbuf library, which GDK uses to load image data in various formats when handling graphical assets. The issue occurs when loading a crafted ANI (animated cursor) file, which may lead to a heap-based out-of-bounds write, causing memory corruption. A successful attack can lead to a denial of service or, in some cases, arbitrary code execution.
Report
The vulnerability in the GdkPixbuf library, allowing for heap-based out-of-bounds writes when loading crafted ANI files, poses a moderate severity risk. While the flaw could lead to memory corruption and potential denial of service or arbitrary code execution, its impact is somewhat mitigated by factors such as the need for the attacker to craft specifically malicious ANI files and the requirement for user interaction to open these files. Additionally, exploitation is limited to systems where GdkPixbuf is used to handle ANI files, reducing the overall attack surface.
Mitigation
This flaw can be mitigated by not loading .ani files from untrusted sources.
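A file's extension need not match its content, so applying this mitigation to untrusted input means recognising ANI data by its header. The following is an added example, not code from GdkPixbuf or from this advisory: it identifies ANI files by the RIFF container with form type `ACON` and flags chunks whose declared size runs past the end of the file. The function names and sample byte strings are constructed for illustration, and the check is a general structural triage, not a detector for this specific flaw.

```python
import struct

def riff_form_type(data: bytes):
    """Return the RIFF form type (b'ACON' for ANI) or None if not RIFF."""
    if len(data) < 12 or data[:4] != b"RIFF":
        return None
    return data[8:12]

def walk_chunks(data: bytes):
    """Yield (fourcc, declared_size, fits) for each top-level chunk."""
    pos = 12  # skip 'RIFF', RIFF size, form type
    while pos + 8 <= len(data):
        fourcc, size = struct.unpack_from("<4sI", data, pos)
        fits = pos + 8 + size <= len(data)
        yield fourcc, size, fits
        if not fits:
            break  # cannot trust offsets past an oversized chunk
        pos += 8 + size + (size & 1)  # chunks are padded to even length

def triage(data: bytes) -> str:
    """Classify content as 'not-ani', 'ani' or 'ani-malformed'."""
    if riff_form_type(data) != b"ACON":
        return "not-ani"
    if any(not fits for _, _, fits in walk_chunks(data)):
        return "ani-malformed"
    return "ani"

def _riff(body: bytes) -> bytes:
    """Wrap a body in a RIFF header (helper for the constructed samples)."""
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed samples, not taken from any real file.
SAMPLE_ANI = _riff(b"ACON" + b"anih" + struct.pack("<I", 36) + bytes(36))
SAMPLE_BAD = _riff(b"ACON" + b"anih" + struct.pack("<I", 0xFFFF) + bytes(4))
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("ani", SAMPLE_ANI), ("bad", SAMPLE_BAD),
                       ("png", SAMPLE_PNG)]:
        print(name, triage(blob))
```

An upload filter or mail gateway can reject or quarantine anything that is not classified as `not-ani` before it reaches an image loader.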
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | gdk-pixbuf2 | Out of support scope | | |
Red Hat Enterprise Linux 7 | gdk-pixbuf2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | gdk-pixbuf2 | Fixed | RHSA-2024:3341 | 23.05.2024 |
Red Hat Enterprise Linux 9 | gdk-pixbuf2 | Fixed | RHSA-2024:3834 | 11.06.2024 |
Additional information
Status:
7.3 High
CVSS3