UbuntuUpdates.org

Package "libgdk-pixbuf2.0-common"

Name: libgdk-pixbuf2.0-common

Description:

GDK Pixbuf library - data files
Latest version: 2.42.8+dfsg-1ubuntu0.4
Release: jammy (22.04)
Level: security
Repository: main
Head package: gdk-pixbuf
Homepage: https://www.gtk.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libgdk-pixbuf2.0-common"

All arch deb package
APT INSTALL

Other versions of "libgdk-pixbuf2.0-common" in Jammy

Repository Area Version
base main 2.42.8+dfsg-1
updates main 2.42.8+dfsg-1ubuntu0.4

Changelog

Version: 2.42.8+dfsg-1ubuntu0.4 2025-07-22 15:06:51 UTC

  gdk-pixbuf (2.42.8+dfsg-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential memory leak
    - debian/patches/CVE-2025-6199.patch: fix reporting
      of bytes written in decoder in gdk-pixbuf/lzw.c.
    - CVE-2025-6199
  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2025-7345.patch: be more careful
      with chunked icc data in gdk-pixbuf/io-jpeg.c.
    - CVE-2025-7345

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 15 Jul 2025 07:12:09 -0300
Source diff to previous version
CVE-2025-6199 A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the repor
CVE-2025-7345 A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c)

Version: 2.42.8+dfsg-1ubuntu0.3 2024-06-05 14:07:06 UTC

  gdk-pixbuf (2.42.8+dfsg-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: heap memory corruption
    - debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
      to gdk-pixbuf/io-ani.c.
    - tests/tests-images/fail/CVE-2022-48622.ani: test file.
    - debian/source/include-binaries: including binary test file.
    - CVE-2022-48622

 -- Ian Constantin <email address hidden> Mon, 03 Jun 2024 19:40:54 +0300
Source diff to previous version
CVE-2022-48622 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk i

Version: 2.42.8+dfsg-1ubuntu0.1 2022-09-13 17:07:12 UTC

  gdk-pixbuf (2.42.8+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 11:14:12 -0300
CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with


About   -   Send Feedback to @ubuntu_updates