Bug 25816

Summary: CVE-2011-2485: Excessive memory use due improper checking of certain return values in GIF image loader
Product: Sisyphus Reporter: Dmitry V. Levin <ldv>
Component: libgdk-pixbufAssignee: Yuri N. Sedunov <aris>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: critical    
Priority: P3 CC: aris
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2485

Description Dmitry V. Levin 2011-06-25 04:35:02 MSK
"It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image, which once
opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
to return partially initialized pixbuf structure, possibly having huge
width and height, leading to that particular application termination due
excessive memory use."
Comment 1 Repository Robot 2011-06-25 05:35:17 MSK
libgdk-pixbuf-2.23.4-alt2 -> sisyphus:

* Sat Jun 25 2011 Yuri N. Sedunov <aris@altlinux> 2.23.4-alt2
- fixed CVE-2011-2485 (ALT #25816)