A vulnerability has been found in GDK-PixBuf that may allow a remote attacker to execute arbitrary code.
|Package||x11-libs/gdk-pixbuf on all architectures|
|Affected versions||< 2.36.11|
|Unaffected versions||>= 2.36.11|
GDK-PixBuf is an image loading library for GTK+.
Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw function.
A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All GDK-PixBuf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"
April 17, 2018
April 17, 2018: 1