Bug 30662 - gdk-pixbuf2.0 new heap buffer overflow security issue (CVE-2021-46829)
Summary: gdk-pixbuf2.0 new heap buffer overflow security issue (CVE-2021-46829)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2022-07-23 17:20 CEST by David Walser
Modified: 2022-07-29 22:54 CEST

See Also:
Source RPM: gdk-pixbuf2.0-2.42.2-1.mga8.src.rpm
CVE: CVE-2021-46829
Status comment:


Description David Walser 2022-07-23 17:20:30 CEST
A CVE has been requested for a security issue fixed upstream in gdk-pixbuf:
https://www.openwall.com/lists/oss-security/2022/07/23/1
Comment 1 Marja Van Waes 2022-07-24 22:43:57 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 2 David Walser 2022-07-25 17:11:58 CEST
CVE-2021-46829 has been assigned, and there's a PoC:
https://www.openwall.com/lists/oss-security/2022/07/25/1

Summary: gdk-pixbuf2.0 new heap buffer overflow security issue => gdk-pixbuf2.0 new heap buffer overflow security issue (CVE-2021-46829)

Comment 3 Mike Rambo 2022-07-28 00:39:57 CEST
Updated package built for Mageia 8


Advisory:
========================

Updated gdk-pixbuf2.0 package fixes security vulnerability:

It was discovered that gdk-pixbuf contained a buffer overwrite in    
io-gif-animation.c composite_frame() exploitable using a crafted GIF
(CVE-2021-46829).


References:
https://www.openwall.com/lists/oss-security/2022/07/23/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46829
https://www.openwall.com/lists/oss-security/2022/07/25/1
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.42.2-1.1.mga8
lib64gdk_pixbuf2.0_0-2.42.2-1.1.mga8
lib64gdk_pixbuf2.0-devel-2.42.2-1.1.mga8
lib64gdk_pixbuf-gir2.0-2.42.2-1.1.mga8

from gdk-pixbuf2.0-2.42.2-1.1.mga8.src.rpm



Potential test procedures.
https://bugs.mageia.org/show_bug.cgi?id=21680#c7
https://bugs.mageia.org/show_bug.cgi?id=22399#c5

Keywords: (none) => has_procedure
CVE: (none) => CVE-2021-46829
CC: (none) => mhrambo3501
Assignee: pkg-bugs => qa-bugs

Comment 4 Dave Hodgins 2022-07-28 01:49:51 CEST
Before the update
[dave@x3 gdk-pixbuf]$ eog wrap_around.poc 

(eog:137113): EOG-WARNING **: 19:47:48.318: Error loading Eog typelib: Typelib file for namespace 'Eog', version '3.0' not found


(eog:137113): libpeas-WARNING **: 19:47:48.398: Type not found in introspection: 'EogApplicationActivatable'

(eog:137113): libpeas-WARNING **: 19:47:48.398: Method 'EogApplicationActivatable.activate' was not found

(eog:137113): libpeas-WARNING **: 19:47:48.508: Type not found in introspection: 'EogWindowActivatable'

(eog:137113): libpeas-WARNING **: 19:47:48.508: Method 'EogWindowActivatable.activate' was not found
Segmentation fault (core dumped)
[dave@x3 gdk-pixbuf]$ eog wrap_around.poc

(eog:137188): EOG-WARNING **: 19:48:48.478: Error loading Eog typelib: Typelib file for namespace 'Eog', version '3.0' not found


(eog:137188): libpeas-WARNING **: 19:48:48.564: Type not found in introspection: 'EogApplicationActivatable'

(eog:137188): libpeas-WARNING **: 19:48:48.564: Method 'EogApplicationActivatable.activate' was not found

(eog:137188): libpeas-WARNING **: 19:48:48.677: Type not found in introspection: 'EogWindowActivatable'

(eog:137188): libpeas-WARNING **: 19:48:48.677: Method 'EogWindowActivatable.activate' was not found
Segmentation fault (core dumped)

Will test the update when it reaches kernel.org

CC: (none) => davidwhodgins

Comment 5 Dave Hodgins 2022-07-28 02:11:21 CEST
Confirmed eog no longer segfaults with wrap_around.poc or more_trouble.poc,
and continues to work ok with valid images.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Dave Hodgins 2022-07-29 20:38:37 CEST

Keywords: (none) => advisory

Comment 6 Mageia Robot 2022-07-29 22:54:47 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0269.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

