AZL-34069

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34069.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-34069

Upstream

CVE-2022-48622

Published

2024-01-26T09:15:07Z

Modified

2026-04-21T04:27:01.012678Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2022-48622 affecting package gdk-pixbuf2 for versions less than 2.40.0-6

Details

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in aniloadchunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdkpixbufset_option() in gdk-pixbuf.c.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-48622

Affected packages

Azure Linux:2 / gdk-pixbuf2

Package

Name: gdk-pixbuf2
Purl: pkg:rpm/azure-linux/gdk-pixbuf2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.40.0-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34069.json"