oss-sec mailing list archives
CVE-2011-2485 assignment notification -- gdk-pixbuf
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 24 Jun 2011 11:12:02 +0200
Hello Josh, Steve, vendors,

the following security flaw has been found in the way gdk-pixbuf, an image loading library, loaded certain Graphics Interchange Format (GIF) image files:
=======================================================================

It was found that gdk-pixbuf's gdk_pixbuf__gif_image_load() GIF image loader routine did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf to return a partially initialized pixbuf structure, possibly having huge width and height, leading to termination of that particular application due to excessive memory use.

The CVE identifier of CVE-2011-2485 has been assigned to this issue.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2485
[2] http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98

This issue could lead (for example) in Pidgin to:
=================================================

A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use.

References:
[3] https://bugzilla.redhat.com/show_bug.cgi?id=714754
[4] http://www.pidgin.im/news/security/?id=52

Credit: Issue has been discovered and reported by Mark Doliner of the Pidgin project.

We did not allocate a second CVE identifier for the Pidgin issue, since the true underlying reason for this was the gdk-pixbuf image loading library problem. This is based on the last paragraph from:
[5] http://www.openwall.com/lists/oss-security/2011/03/30/3

more exactly on that part about 'issues like incorrectly reporting error status from an API function' (although this is not a case of a compiler, but rather a case of a library).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
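
The bug class described in the message above, as an added illustration that is not part of the original post and is neither gdk-pixbuf's code nor the fix referenced in [2]: a loader that drops a subroutine's error return and hands back a partially initialized structure, beside a form that propagates the failure and bounds the dimensions. The 4-byte header layout, all function names, and the `MAX_DIM` cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DIM 16384u   /* assumed policy cap, not a gdk-pixbuf value */

struct image { uint32_t width, height; int complete; };

/* Hypothetical subroutine: parses a constructed 4-byte header (16-bit LE
 * width, then height). Returns 0 on success, -1 on short input, and leaves
 * *img untouched on failure. */
static int read_header(const uint8_t *buf, size_t len, struct image *img)
{
    if (len < 4)
        return -1;
    img->width  = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8);
    img->height = (uint32_t)buf[2] | ((uint32_t)buf[3] << 8);
    img->complete = 1;
    return 0;
}

/* Flawed pattern: the return value is dropped, so a failed parse still yields
 * a "successful" result whose fields were never set. The 0xFF fill stands in
 * for whatever stale memory a real allocation would contain. */
int load_unchecked(const uint8_t *buf, size_t len, struct image *out)
{
    memset(out, 0xFF, sizeof *out);
    (void)read_header(buf, len, out);
    return 0;                         /* reports success regardless */
}

/* Corrected pattern: zero the result, propagate failure, bound the size. */
int load_checked(const uint8_t *buf, size_t len, struct image *out)
{
    memset(out, 0, sizeof *out);
    if (read_header(buf, len, out) == 0 &&
        out->width  >= 1 && out->width  <= MAX_DIM &&
        out->height >= 1 && out->height <= MAX_DIM)
        return 0;
    memset(out, 0, sizeof *out);      /* never expose a half-built image */
    return -1;
}

/* Caller-side guard: RGBA bytes to allocate, or 0 if the image is suspect. */
size_t pixel_bytes(const struct image *img)
{
    if (img->complete != 1 || img->width > MAX_DIM || img->height > MAX_DIM)
        return 0;
    return (size_t)img->width * img->height * 4u;
}
```

The caller-side guard matters for applications such as the Pidgin case in the message: it refuses to size a buffer from an image the loader did not finish, even when the loader wrongly reports success.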