Upstream has released gdk-pixbuf2.0 2.36.7 on July 18:
It fixes some integer overflows. We should update it for Mageia 6.
pushed in update_testing
Updated gdk-pixbuf2.0 packages fix security vulnerabilities:
The gdk-pixbuf2.0 package has been updated to version 2.36.7, which fixes
integer overflows in the ico, bmp, and tiff decoder, as well as fixing other
Updated packages in core/updates_testing:
MGA6-32 on Asus A6000VM MATE
Installation: I have no idea how come, but these update packs were already installed. Proceeding anyway.
Ref to bug 19070 Comment 3 and 4, checked that images (photos, cartoons) from a newspaper are showing up OK in Firefox.
Same in Firefox for local JPG, PNG and GIF files. Firefox went into a never ending loop with local TIF files: After File - open, pick a tif file, this opens a new tab with a confirmation dialogue "Open in Firefox", click OK, which opens a new tab with a confirmation dialogue ..... etc.....
Used the ristretto to open a local TIF file (works OK) and the trace gives:
open("/lib/libgdk_pixbuf-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3
So OK and validating.
An update for this issue has been pushed to the Mageia Updates repository.