[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Changed in: gdk-pixbuf (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: Fix Released Status in gdk-pixbuf source package in Focal: Fix Released Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
This bug was fixed in the package gdk-pixbuf - 2.40.0+dfsg-3ubuntu0.3 --- gdk-pixbuf (2.40.0+dfsg-3ubuntu0.3) focal-security; urgency=medium * SECURITY UPDATE: Buffer overwrite in io-gif-animation.c composite_frame() (LP: #1982898) - debian/patches/CVE-2021-46829.patch: gif: Check for overflow when compositing or clearing frames. - CVE-2021-46829 -- Joshua Peisach Tue, 26 Jul 2022 20:42:00 -0400 ** Changed in: gdk-pixbuf (Ubuntu Focal) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Status in gdk-pixbuf source package in Focal: Fix Released Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
ACK on the debdiff in comment #5, I am currently building it (with a slight change to add the bug number to the changelog) and will release it as a security update next week. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Status in gdk-pixbuf source package in Focal: New Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Hi Joshua and Pedro, Have you reported the side effects of the fix to those projects you mentioned? If yes could you add the bug reports here? thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Status in gdk-pixbuf source package in Focal: New Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Also affects: gdk-pixbuf (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Status in gdk-pixbuf source package in Focal: New Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Got it, thanks for the explanation. At least we know the overwrite doesn't happen, which removes the potential security issue out of the equation. To be honest I'm not completely convinced it was exploitable, but I'm not convinced it wasn't either, so better play it safe and patch it out. The side effects on other apps are unfortunate, but like you say, it's up to the apps to manage errors coming from gdk-pixbuf. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
I can confirm for myself now aswell that I am experiencing issues. Some applications, most of them listed above in one way or another can be found to properly be unable to handle these images. Gdk-pixbuf still crashes but no longer is a buffer overwrite. Technically a win - but the key issue is apps do not know how to respond to what to do when gdk-pixbuf dies. Take eye of gnome - if you open a file directly from terminal using one of the POCs, it is fine and reads the gdk-pixbuf error correctly. But cycle to the next POC and it crashes. Probably a lot of this is apps being tied into gdk-pixbuf, and if I am correct it is a part of Gtk so apps are sort of forced to be connected to it. When one breaks down, it's like a cable wire. In the future, for stability purposes patches need to be made to apps so whenever a component like gdk-pixbuf fails, the rest of the app doesn't (or has some fallback state) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Tested on Ubuntu 22.04, it seems that EoG / EoM / gdk- pixbuf-{pixdata,thumbnailer} try to allocate all the system's memory with the "more_trouble.poc" from the original report. Out of these, EoM seems not to handle it gracefully, as it gets killed by oom-killer. The others simply give up at some point without being killed and do not crash. Seems like a different bug that affects EoM, but might affect other users of gdk-pixbuf too? ** Attachment added: "Crashes EoM on 22.04 with oom (might crash other gdk-pixbuf users too)" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605647/+files/more_trouble.poc -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Attachment added: "Eye of MATE Crash" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605633/+files/EOMCrash.tar.gz ** Description changed: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog + - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 - * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md + * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Attachment added: "Nautilus crash" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605632/+files/NautilusCrash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Description changed: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - - Eye of GNOME (eog) triggers the segfault in syslog + - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) + - Eye of GNOME (eog) triggers the segfault in syslog * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ - * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 + * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Hmm… check Jammy/Kinetic. Can you send me the crash file/syslog? Some apps I think have proper handling of bad files while others don’t. For example, EOG can detect its a bad file. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
I just checked, and it seems EOM still crashes with OOM, even with the patched library (version 2.42.8). I'm guessing this is a separate bug in EOM? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Description changed: [Impact] - * A buffer overwrite exists in gdk-pixbuf's thumbnailer. + * A buffer overwrite exists in gdk-pixbuf's thumbnailer. - * The GIF loader runs out of memory with specifically crafted files + * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. - * After gdk-pixbuf-thum runs out of memory, other apps can and on low + * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. - * Or, in other ways, bad gif files in other applications can open the + * Or, in other ways, bad gif files in other applications can open the door for exploits. - * Any app using gdk-pixbuf is affected, mainly file managers and image + * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] - * Take the POC's - they can be found in the issue in the GNOME repo + * Take the POC's - they can be found in the issue in the GNOME repo - * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - - Nautilus, GNOME's file manager - - Nemo, Cinnamon's file manager - - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - - PCManFM, LXDE's file manager which straight up crashes - I have not been able to produce any results with Caja (MATE's file manager) but have personally experienced issues with Nautilus. POC logs and crashes are attached. + * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: + - Nautilus, GNOME's file manager + - Nemo, Cinnamon's file manager + - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes + - PCManFM, LXDE's file manager which straight up crashes + - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) + - Eye of GNOME (eog) triggers the segfault in syslog - * If you or the system couldn't tell something is wrong, cat + * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] - * The patch itself is simple, but since gdk-pixbuf is often used with + * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. - * It is possible, and has happened in the past (which has been patched) + * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. - * That patch is essentially overflow checks - changes with GLib + * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems - * Other failures to properly handle GIFs and broken or intentionally + * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] - - * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. - * Files attached are examples or crashes - * Again, all apps using gdk-pixbuf are affected - * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ - * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md + + * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. + * Files attached are examples or crashes + * Again, all apps using gdk-pixbuf are affected + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Description changed: - There is a buffer overwrite in gdk-pixbuf. I will eventually create a - whole SRU document with how to reproduce and all, but I'll just say it - is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo - causes the entire system to run out of memory. (With firefox, 1612/3922 - MB - which says something.) + [Impact] - It may be possible all apps using gdk-pixbuf can have a problem handling - files like the PoC. + * A buffer overwrite exists in gdk-pixbuf's thumbnailer. - https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 + * The GIF loader runs out of memory with specifically crafted files + with bad frame data (and images with its sizes) over the integer limit. + + * After gdk-pixbuf-thum runs out of memory, other apps can and on low + RAM systems like my old iMac, the system can completely run out of + memory. + + * Or, in other ways, bad gif files in other applications can open the + door for exploits. + + * Any app using gdk-pixbuf is affected, mainly file managers and image + viewers. + + [Test Plan] + + * Take the POC's - they can be found in the issue in the GNOME repo + + * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: + - Nautilus, GNOME's file manager + - Nemo, Cinnamon's file manager + - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes + - PCManFM, LXDE's file manager which straight up crashes + I have not been able to produce any results with Caja (MATE's file manager) but have personally experienced issues with Nautilus. POC logs and crashes are attached. + + * If you or the system couldn't tell something is wrong, cat + /var/log/syslog and enjoy the segfaults or out of memory warnings or + even kernel spam. + + [Where problems could occur] + + * The patch itself is simple, but since gdk-pixbuf is often used with + GTK apps a mistake here could be problematic. + + * It is possible, and has happened in the past (which has been patched) + that other bad GIFs can cause other crashes. + + * That patch is essentially overflow checks - changes with GLib + (GNOME's, not to be confused with glibc) and the functions used in not + only the patch but all of gdk-pixbuf can cause problems + + * Other failures to properly handle GIFs and broken or intentionally + tampered GIFs can continue and always will open the door for security + holes for other bugs + + * Again, overall a simple patch but as long as the GIFs remain handled + properly, and no changes to the GLib functions are made and to other + apps that use gdk-pixbuf (and assuming are not affected by the change + and still work), the patch does not have much regression potential. + + [Other Info] + + * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. + * Files attached are examples or crashes + * Again, all apps using gdk-pixbuf are affected + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Here's proposal focal patch - I noticed some whitespaces but those are in the code and not introduced by me. ** Patch added: "Proposed focal patch" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605438/+files/gdk-pixbuf_2.40.0+dfsg-3ubuntu0.3.debdiff ** Changed in: gdk-pixbuf (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
PCManFM crashed to this. that's my last POC - I'm going to create the patch ** Attachment added: "pcmanfmcrash.tar.gz" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605437/+files/pcmanfmcrash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Thunar, which uses tumbler for thumbnailing, produced a crash. ** Attachment added: "Tumbler (xfce thumbnailer crash)" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605436/+files/libgdkpixbufloader-gif-crash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Here is what it did to my iMac. ** Attachment added: "OldiMacSyslog" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605435/+files/OldiMacSyslog ** Changed in: gdk-pixbuf (Ubuntu) Assignee: (unassigned) => Joshua Peisach (itzswirlz) ** Tags removed: jammy ** Tags added: bionic xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp