UbuntuUpdates.org

Package "libgdk-pixbuf2.0-0"

Name: libgdk-pixbuf2.0-0

Description: GDK Pixbuf library

Latest version: 2.40.0+dfsg-3ubuntu0.5
Release: focal (20.04)
Level: security
Repository: main
Head package: gdk-pixbuf
Homepage: http://www.gtk.org/

Other versions of "libgdk-pixbuf2.0-0" in Focal

Repository  Area  Version
base        main  2.40.0+dfsg-3
updates     main  2.40.0+dfsg-3ubuntu0.5

Changelog

Version: 2.40.0+dfsg-3ubuntu0.5 2024-06-05 14:07:04 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: heap memory corruption
    - debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
      to gdk-pixbuf/io-ani.c.
    - tests/tests-images/fail/CVE-2022-48622.ani: test file.
    - debian/source/include-binaries: including binary test file.
    - CVE-2022-48622

 -- Ian Constantin <email address hidden> Mon, 03 Jun 2024 19:41:09 +0300

CVE-2022-48622 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk i

Version: 2.40.0+dfsg-3ubuntu0.4 2022-09-13 17:07:08 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 12:05:42 -0300

CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with

Version: 2.40.0+dfsg-3ubuntu0.3 2022-08-08 13:07:18 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overwrite in io-gif-animation.c
    composite_frame() (LP: #1982898)
    - debian/patches/CVE-2021-46829.patch: gif: Check for overflow
      when compositing or clearing frames.
    - CVE-2021-46829

 -- Joshua Peisach <email address hidden> Tue, 26 Jul 2022 20:42:00 -0400

1982898 CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
CVE-2021-46829 GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated

Version: 2.40.0+dfsg-3ubuntu0.2 2021-02-22 16:06:23 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer underflow in GIF loader
    - debian/patches/CVE-2021-20240.patch: check for overflow in
      gdk-pixbuf/io-gif-animation.c.
    - CVE-2021-20240

 -- Marc Deslauriers <email address hidden> Thu, 18 Feb 2021 09:41:16 -0500

CVE-2021-20240 integer underflow in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault

Version: 2.40.0+dfsg-3ubuntu0.1 2020-12-08 17:07:12 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in write_indexes
    - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting
      invalid LZW code in gdk-pixbuf/lzw.c.
    - CVE-2020-29385

 -- Marc Deslauriers <email address hidden> Tue, 08 Dec 2020 08:32:30 -0500

CVE-2020-29385 RESERVED


