io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "gir1.2-gdkpixbuf-2.0", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "gir1.2-gdkpixbuf-2.0-dbgsym", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-0", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-0-dbg", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-0-dbgsym", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-0-udeb", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-0-udeb-dbgsym", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-common", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-dev", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-dev-dbgsym", "binary_version": "2.30.7-0ubuntu1.2" }, { "binary_name": "libgdk-pixbuf2.0-doc", "binary_version": "2.30.7-0ubuntu1.2" } ] }