| Summary: | CVE-2011-2485: gdk-pixbuf | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Vigier <boklm> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | cjw, davidwhodgins, dmorganec, fundawang, jani.valimaa, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | gdk-pixbuf2.0 | CVE: | |
| Status comment: | | | |

Description
Nicolas Vigier
2011-10-18 18:15:33 CEST

As no maintainer, I add the four more committers of this package

CC: (none) => cjw, dmorganec, fundawang, jani.valimaa

Any sample image files to demonstrate the problem?

CC: (none) => davidwhodgins

Nicolas Vigier
2011-10-19 11:42:14 CEST

Assignee: bugsquad => qa-bugs

I can't find any on the web anywhere so we should test for regressions. It was reported against pidgin apparently so we should ensure gif images, smilies I guess, still work OK in pidgin. It looks like it's used by most applications.

Tested x86_64 with eog & gimp opening various image formats all normal. Pidgin appears normal.

Tested the same way i586, all appears OK.

Update validate

Advisory
----------------
It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image which, once opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf to return a partially initialized pixbuf structure, possibly having huge width and height, leading to that particular application's termination due to excessive memory use.

The CVE identifier of CVE-2011-2485 has been assigned to this issue.
------------------

SRPM: gdk-pixbuf2.0-2.22.1-3.1.mga1.src.rpm

Keywords: (none) => validated_update

Update pushed.

Status: ASSIGNED => RESOLVED
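
The defensive pattern for the failure class the advisory describes (a loader that must check its subroutines' return values and never hand back a partially initialized structure with unbounded dimensions), as an added example that is not part of this bug report and is not gdk-pixbuf code. All function names, error codes and the pixel cap are hypothetical, and the two sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names and an assumed pixel cap; this is not gdk-pixbuf code. */
#define MAX_PIXELS (64u * 1024u * 1024u)
enum { LOAD_OK = 0, LOAD_TRUNCATED = -1, LOAD_BAD_MAGIC = -2,
       LOAD_BAD_SIZE = -3, LOAD_NO_MEM = -4 };
typedef struct { uint32_t width, height; uint8_t *pixels; } image_t;

/* Constructed sample inputs: 13-byte GIF header + logical screen descriptor. */
const uint8_t SAMPLE_OK[13]   = {'G','I','F','8','9','a', 2,0, 3,0, 0,0,0};
const uint8_t SAMPLE_HUGE[13] = {'G','I','F','8','9','a', 0xff,0xff, 0xff,0xff, 0,0,0};

/* Subroutine: signals failure only through its return value. */
static int read_screen_descriptor(const uint8_t *buf, size_t len,
                                  uint32_t *w, uint32_t *h)
{
    if (len < 13) return LOAD_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return LOAD_BAD_MAGIC;
    *w = (uint32_t)buf[6] | ((uint32_t)buf[7] << 8);   /* little-endian */
    *h = (uint32_t)buf[8] | ((uint32_t)buf[9] << 8);
    return LOAD_OK;
}

/* Loader: checks every result and bounds the size before allocating. */
image_t *load_image(const uint8_t *buf, size_t len, int *err)
{
    uint32_t w = 0, h = 0;
    int rc = read_screen_descriptor(buf, len, &w, &h);
    if (rc != LOAD_OK) { *err = rc; return NULL; }
    if (w == 0 || h == 0 || (uint64_t)w * h > MAX_PIXELS) { *err = LOAD_BAD_SIZE; return NULL; }
    image_t *img = calloc(1, sizeof *img);
    if (!img) { *err = LOAD_NO_MEM; return NULL; }
    img->pixels = calloc((size_t)w * h, 4);            /* RGBA, zero-filled */
    if (!img->pixels) { free(img); *err = LOAD_NO_MEM; return NULL; }
    img->width = w; img->height = h; *err = LOAD_OK;
    return img;                      /* fully initialized, or NULL above */
}

void free_image(image_t *img) { if (img) { free(img->pixels); free(img); } }

int main(void)
{
    int err = 0;
    free_image(load_image(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &err));
    printf("huge sample: err=%d\n", err);
    return 0;
}
```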