MGASA-2024-0182

Source
https://advisories.mageia.org/MGASA-2024-0182.html
Import Source
https://advisories.mageia.org/MGASA-2024-0182.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2024-0182
Published
2024-05-21T23:17:20Z
Modified
2024-05-21T22:39:51Z
Summary
Updated gdk-pixbuf2.0 packages fix security vulnerability
Details

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in `ani_load_chunk` in `io-ani.c`) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in `gdk_pixbuf_set_option()` in `gdk-pixbuf.c`.

Affected packages

Mageia:9 / gdk-pixbuf2.0

Package

Name
gdk-pixbuf2.0
Purl
pkg:rpm/mageia/gdk-pixbuf2.0?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.42.10-2.1.mga9

Ecosystem specific

{
    "section": "core"
}