UbuntuUpdates.org

Package "gdk-pixbuf"

Name: gdk-pixbuf

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • installed tests for the GDK Pixbuf library
Latest version: 2.42.8+dfsg-1ubuntu0.3
Release: jammy (22.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "gdk-pixbuf" in Jammy

Repository Area Version
base main 2.42.8+dfsg-1
base universe 2.42.8+dfsg-1
security main 2.42.8+dfsg-1ubuntu0.3
updates main 2.42.8+dfsg-1ubuntu0.3
updates universe 2.42.8+dfsg-1ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.42.8+dfsg-1ubuntu0.3 2024-06-05 14:07:07 UTC

  gdk-pixbuf (2.42.8+dfsg-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: heap memory corruption
    - debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
      to gdk-pixbuf/io-ani.c.
    - tests/tests-images/fail/CVE-2022-48622.ani: test file.
    - debian/source/include-binaries: including binary test file.
    - CVE-2022-48622

 -- Ian Constantin <email address hidden> Mon, 03 Jun 2024 19:40:54 +0300
Source diff to previous version
CVE-2022-48622 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk i

Version: 2.42.8+dfsg-1ubuntu0.1 2022-09-13 17:07:13 UTC

  gdk-pixbuf (2.42.8+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 11:14:12 -0300
CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with


About   -   Send Feedback to @ubuntu_updates