Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:1699-1

Опубликовано: 20 мая 2024
Источник: suse-cvrf

Описание

Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues:

  • CVE-2022-48622: Fixed files rejection with multiple anih chunks (bsc#1219276).

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-Azure-SAP-On-Demand
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-EC2-SAP-BYOS
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-EC2-SAP-On-Demand
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-GCE-SAP-BYOS
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-GCE-SAP-On-Demand
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-query-loaders-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
SUSE Linux Enterprise Server 12 SP5
gdk-pixbuf-lang-2.34.0-19.20.1
gdk-pixbuf-query-loaders-2.34.0-19.20.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.20.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
gdk-pixbuf-lang-2.34.0-19.20.1
gdk-pixbuf-query-loaders-2.34.0-19.20.1
gdk-pixbuf-query-loaders-32bit-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-2.34.0-19.20.1
libgdk_pixbuf-2_0-0-32bit-2.34.0-19.20.1
typelib-1_0-GdkPixbuf-2_0-2.34.0-19.20.1
SUSE Linux Enterprise Software Development Kit 12 SP5
gdk-pixbuf-devel-2.34.0-19.20.1

Ссылки

Описание

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:gdk-pixbuf-query-loaders-2.34.0-19.20.1
Image SLES12-SP5-Azure-SAP-BYOS:libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Image SLES12-SP5-Azure-SAP-On-Demand:gdk-pixbuf-query-loaders-2.34.0-19.20.1
Image SLES12-SP5-Azure-SAP-On-Demand:libgdk_pixbuf-2_0-0-2.34.0-19.20.1
Ссылки