[ASA-202012-19] gdk-pixbuf2: denial of service
foxboron at archlinux.org
Thu Dec 17 19:23:41 UTC 2020
Arch Linux Security Advisory ASA-202012-19
Date : 2020-12-09
CVE-ID : CVE-2020-29385
Package : gdk-pixbuf2
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-1328
The package gdk-pixbuf2 before version 2.42.2-1 is vulnerable to denial
Upgrade to 2.42.2-1.
# pacman -Syu "gdk-pixbuf2>=2.42.2-1"
The problem has been fixed upstream in version 2.42.2.
A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A
malformed GIF image could lead to an endless loop in the write_indexes
function in gdk-pixbuf/lzw.c, taking full CPU resources and leading to
a denial of service.
An attacker might be able to cause a denial of service via a crafted
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security