MGASA-2024-0182

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0182.html

Import Source

https://advisories.mageia.org/MGASA-2024-0182.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0182

Related

CVE-2022-48622

Published

2024-05-21T23:17:20Z

Modified

2024-05-21T22:39:51Z

Summary

Updated gdk-pixbuf2.0 packages fix security vulnerability

Details

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in aniloadchunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdkpixbufset_option() in gdk-pixbuf.c.

References

https://advisories.mageia.org/MGASA-2024-0182.html
https://bugs.mageia.org/show_bug.cgi?id=33223
https://lwn.net/Articles/973904/
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0182

Affected packages