A CVE has been assigned for a security issue in gdk-pixbuf2.0:
The upstream bug is here:
There is no fix available yet.
Mageia 5 is also affected.
Assigning to all packagers collectively, since there is no maintainer for this package.
openSUSE has issued an advisory for this today (September 9):
Patched packages uploaded for Mageia 5 and Cauldron.
Mageia 5 was also updated to 2.32.3 (as was openSUSE).
Updated gdk-pixbuf2.0 packages fix security vulnerability:
A write out-of-bounds parsing an ico file was found in gdk-pixbuf. A
maliciously crafted file can cause the application to crash (CVE-2016-6352).
The gdk-pixbuf2.0 package has been updated to version 2.32.3 and patched to fix
this issue, and a few other possible security issues.
Updated packages in core/updates_testing:
Testing Mageia 5 x64 real hardware with AMD/ATI/Radeon graphics
From bug 18476: "To test, make sure Firefox can load images OK."
Updated from version -2.32.1-1.1 to:
Using Firefox, looked at a selection of on-line JPEG, GIF & PNG images. Everything seems OK.
Updated gdk-pixbuf packages on i586 virtualbox.
Loaded images in Firefox from astronomical sites and local image directory to test various formats: PNG, JPEG, SVG, GIF, PNG, ICO. Bitmap images would not load, but they probably don't anyway.
This looks OK.
Validating this update; advisory to follow.
An update for this issue has been pushed to the Mageia Updates repository.