OESA-2022-1762

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1762
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1762.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1762
Upstream
Published
2022-07-22T11:04:00Z
Modified
2025-08-12T05:06:22.467134Z
Summary
gdk-pixbuf2 security update
Details

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites.

Security Fix(es):

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20240)

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function writeindexes. if c->selfcode equals 10, self->codetable[10].extends will assign the value 11 to c. The next execution in the loop will assign self->codetable[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.(CVE-2020-29385)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP3 / gdk-pixbuf2

Package

Name
gdk-pixbuf2
Purl
pkg:rpm/openEuler/gdk-pixbuf2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.40.0-2.oe1

Ecosystem specific 

{
    "src": [
        "gdk-pixbuf2-2.40.0-2.oe1.src.rpm"
    ],
    "x86_64": [
        "gdk-pixbuf2-devel-2.40.0-2.oe1.x86_64.rpm",
        "gdk-pixbuf2-debuginfo-2.40.0-2.oe1.x86_64.rpm",
        "gdk-pixbuf2-debugsource-2.40.0-2.oe1.x86_64.rpm",
        "gdk-pixbuf2-2.40.0-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "gdk-pixbuf2-debugsource-2.40.0-2.oe1.aarch64.rpm",
        "gdk-pixbuf2-debuginfo-2.40.0-2.oe1.aarch64.rpm",
        "gdk-pixbuf2-devel-2.40.0-2.oe1.aarch64.rpm",
        "gdk-pixbuf2-2.40.0-2.oe1.aarch64.rpm"
    ],
    "noarch": [
        "gdk-pixbuf2-help-2.40.0-2.oe1.noarch.rpm"
    ]
}