Mageia Bugzilla – Bug 6567
gdk-pixbuf2.0 new security issue CVE-2012-2370
Last modified: 2012-07-10 00:25:15 CEST
An integer overflow in gdk-pixbuf2.0 was fixed upstream in 2.24.1-r1.
Mageia 2 has 2.26.1 which is not affected.
Patched package for Mageia 1 uploaded.
Updated gdk-pixbuf2.0 packages fix security vulnerability:
An integer overflow flaw was found in the way X BitMap (XBM) image
file format loader of gdk-pixbuf, an image loading library used with
GNOME, used to read bitmap file data for certain images. A remote
attacker could provide a specially-crafted XBM image file, which once
loaded in an application linked against gdk-pixbuf, would lead to that
application termination (GLib error and application abort)
Updated packages in core/updates_testing:
Testing complete on Mageia 1 i586.
Testing using the attachment (id=210585) from
Before the update ...
$ eog .
GLib-ERROR **: gmem.c:170: failed to allocate 4294967291 bytes
After the update, eog starts and displays a message that it could not
load the image test.xbm
tested the same way as in comment #1 on Mageia 1 x86_64
see comment #0 for advisory and SRPM.