GNOME Gdkpixbuf
By the Year
In 2024 there have been 1 vulnerability in GNOME Gdkpixbuf with an average score of 7.8 out of ten. Gdkpixbuf did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 7.80 |
2023 | 0 | 0.00 |
2022 | 1 | 8.80 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Gdkpixbuf vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNOME Gdkpixbuf Security Vulnerabilities
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10
CVE-2022-48622
7.8 - High
- January 26, 2024
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.
Memory Corruption
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVE-2021-44648
8.8 - High
- January 12, 2022
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
Memory Corruption
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7
CVE-2005-2976
- November 18, 2005
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Integer Overflow or Wraparound
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7
CVE-2005-2975
- November 18, 2005
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
Resource Management Errors
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4
CVE-2004-0753
- October 20, 2004
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
Infinite Loop
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values
CVE-2004-0782
- October 20, 2004
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may
CVE-2004-0783
- October 20, 2004
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Memory Corruption
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4
CVE-2004-0788
- October 20, 2004
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNOME Gtk or by GNOME? Click the Watch button to subscribe.