io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "gir1.2-gdkpixbuf-2.0" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "gir1.2-gdkpixbuf-2.0-dbgsym" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-0" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-0-dbg" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-0-dbgsym" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-0-udeb" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-0-udeb-dbgsym" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-common" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-dev" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-dev-dbgsym" }, { "binary_version": "2.30.7-0ubuntu1.2", "binary_name": "libgdk-pixbuf2.0-doc" } ] }