UbuntuUpdates.org

Package "gdk-pixbuf"

Name: gdk-pixbuf

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • installed tests for the GDK Pixbuf library
Latest version: 2.42.10+dfsg-3ubuntu3.2
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "gdk-pixbuf" in Noble

Repository Area Version
base universe 2.42.10+dfsg-3ubuntu3
base main 2.42.10+dfsg-3ubuntu3
security main 2.42.10+dfsg-3ubuntu3.2
updates main 2.42.10+dfsg-3ubuntu3.2
updates universe 2.42.10+dfsg-3ubuntu3.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.42.10+dfsg-3ubuntu3.2 2025-07-22 15:07:04 UTC

  gdk-pixbuf (2.42.10+dfsg-3ubuntu3.2) noble-security; urgency=medium

  * SECURITY UPDATE: Potential memory leak
    - debian/patches/CVE-2025-6199.patch: fix reporting
      of bytes written in decoder in gdk-pixbuf/lzw.c.
    - CVE-2025-6199
  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2025-7345.patch: be more careful
      with chunked icc data in gdk-pixbuf/io-jpeg.c.
    - CVE-2025-7345

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 27 Jun 2025 10:12:04 -0300
Source diff to previous version
CVE-2025-6199 A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the repor
CVE-2025-7345 A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c)

Version: 2.42.10+dfsg-3ubuntu3.1 2024-06-05 14:07:11 UTC

  gdk-pixbuf (2.42.10+dfsg-3ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: heap memory corruption
    - debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
      to gdk-pixbuf/io-ani.c.
    - tests/tests-images/fail/CVE-2022-48622.ani: test file.
    - debian/source/include-binaries: including binary test file.
    - CVE-2022-48622

 -- Ian Constantin <email address hidden> Mon, 03 Jun 2024 19:36:10 +0300
CVE-2022-48622 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk i


About   -   Send Feedback to @ubuntu_updates