*** This bug is a security vulnerability *** Public security bug reported:
There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gdk-pixbuf (Ubuntu) Importance: Undecided Assignee: Joshua Peisach (itzswirlz) Status: New ** Tags: amd64 apport-bug bionic focal xenial ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46829 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
