#25816 – CVE-2011-2485: Excessive memory use due improper checking of certain return values in GIF image loader

Bug 25816 - CVE-2011-2485: Excessive memory use due improper checking of certain return values in GIF image loader

Summary: CVE-2011-2485: Excessive memory use due improper checking of certain return v...

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	libgdk-pixbuf (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 critical
Assignee:	Yuri N. Sedunov
QA Contact:	qa-sisyphus

URL:	https://bugzilla.redhat.com/show_bug....
Keywords:	security

Depends on:
Blocks:

Reported:	2011-06-25 04:35 MSK by Dmitry V. Levin
Modified:	2011-06-25 05:35 MSK (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dmitry V. Levin 2011-06-25 04:35:02 MSK

"It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image, which once
opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
to return partially initialized pixbuf structure, possibly having huge
width and height, leading to that particular application termination due
excessive memory use."

Comment 1 Repository Robot 2011-06-25 05:35:17 MSK

libgdk-pixbuf-2.23.4-alt2 -> sisyphus:

* Sat Jun 25 2011 Yuri N. Sedunov <aris@altlinux> 2.23.4-alt2
- fixed CVE-2011-2485 (ALT #25816)