Description
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues:
- CVE-2020-29385: Fixed an infinite loop in lzw.c in the function write_indexes (bsc#1180393).
- Fixed an integer underflow in the GIF loader (bsc#1174307).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package list
openSUSE Leap 15.2
gdk-pixbuf-devel-2.40.0-lp152.2.3.1
gdk-pixbuf-devel-32bit-2.40.0-lp152.2.3.1
gdk-pixbuf-lang-2.40.0-lp152.2.3.1
gdk-pixbuf-query-loaders-2.40.0-lp152.2.3.1
gdk-pixbuf-query-loaders-32bit-2.40.0-lp152.2.3.1
gdk-pixbuf-thumbnailer-2.40.0-lp152.2.3.1
libgdk_pixbuf-2_0-0-2.40.0-lp152.2.3.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-lp152.2.3.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-lp152.2.3.1
typelib-1_0-GdkPixdata-2_0-2.40.0-lp152.2.3.1
References
- E-Mail link for openSUSE-SU-2021:0150-1
- SUSE Security Ratings
- SUSE Bug 1174307
- SUSE Bug 1180393
- SUSE CVE CVE-2020-29385 page
Description
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
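The cycle described above can be modelled, and caught, with a bounded walk of the prefix chain. This is an added example, not gdk-pixbuf's code or its actual fix; the `code_entry` layout, the `NO_PARENT` marker and the 12-entry sample table are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CODES 4096    /* GIF LZW codes are at most 12 bits wide */
#define NO_PARENT 0xFFFF  /* assumption of this model: marks a root entry */

/* Simplified model of an LZW table entry: a code extends a shorter prefix. */
typedef struct {
    uint8_t  index;    /* pixel index appended by this code */
    uint16_t extends;  /* code of the prefix, or NO_PARENT */
} code_entry;

/* Length of the prefix chain starting at `code`, or -1 when the chain leaves
 * the table or fails to terminate. A valid chain visits each entry at most
 * once, so more than n_codes steps proves a cycle. */
int chain_length(const code_entry *table, size_t n_codes, uint16_t code)
{
    size_t steps = 0;
    uint16_t c = code;

    if (n_codes > MAX_CODES)
        return -1;
    while (c != NO_PARENT) {
        if (c >= n_codes || ++steps > n_codes)
            return -1;
        c = table[c].extends;
    }
    return (int)steps;
}

/* Constructed sample: codes 0..9 are roots; 10 and 11 are set by the caller. */
static int walk_sample(uint16_t ext10, uint16_t ext11)
{
    code_entry table[12];
    for (size_t i = 0; i < 12; i++) {
        table[i].index = (uint8_t)i;
        table[i].extends = NO_PARENT;
    }
    table[10].extends = ext10;
    table[11].extends = ext11;
    return chain_length(table, 12, 11);
}

int demo_valid(void)  { return walk_sample(3, 10); }   /* 11 -> 10 -> 3 */
int demo_cyclic(void) { return walk_sample(11, 10); }  /* 10 <-> 11, as in the description */

int main(void)
{
    printf("valid chain: %d\n", demo_valid());
    printf("cyclic chain: %d\n", demo_cyclic());
    return 0;
}
```

A decoder that rejects the image when such a walk returns -1 fails closed instead of spinning on the 10/11 cycle.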
Affected products
openSUSE Leap 15.2:gdk-pixbuf-devel-2.40.0-lp152.2.3.1
openSUSE Leap 15.2:gdk-pixbuf-devel-32bit-2.40.0-lp152.2.3.1
openSUSE Leap 15.2:gdk-pixbuf-lang-2.40.0-lp152.2.3.1
openSUSE Leap 15.2:gdk-pixbuf-query-loaders-2.40.0-lp152.2.3.1
References
- CVE-2020-29385
- SUSE Bug 1180393