GDK-PixBuf: Remote code execution — GLSA 201804-14

A vulnerability has been found in GDK-PixBuf that may allow a remote attacker to execute arbitrary code.

Affected Packages

x11-libs/gdk-pixbuf on all architectures
Affected versions < 2.36.11
Unaffected versions >= 2.36.11

Background

GDK-PixBuf is an image loading library for GTK+.

Description

Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw function.

Impact

A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GDK-PixBuf users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"
 

References

Release Date
April 17, 2018

Latest Revision
April 17, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries