VYPR

rpm package

almalinux/gdk-pixbuf2

pkg:rpm/almalinux/gdk-pixbuf2

Vulnerabilities (7)

  • CVE-2026-5201 Hig Mar 31, 2026
    affected < 2.42.12-4.el10_1.5, fixed 2.42.12-4.el10_1.5

    A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user inte

  • CVE-2025-7345 Hig Jul 8, 2025
    affected < 2.36.12-7.el8_10, fixed 2.36.12-7.el8_10

    A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds

  • CVE-2022-48622 Jan 26, 2024
    affected < 2.36.12-6.el8_10, fixed 2.36.12-6.el8_10

    In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading

  • CVE-2021-46829 Jul 24, 2022
    affected < 2.42.6-3.el9, fixed 2.42.6-3.el9

    GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit s

  • CVE-2021-44648 Jan 12, 2022
    affected < 2.42.6-3.el9, fixed 2.42.6-3.el9

    GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap buffer overflow when decoding the LZW-compressed stream of image data in GIF files with an LZW minimum code size equal to 12.

  • CVE-2019-12795 Jun 11, 2019
    affected < 2.36.12-5.el8, fixed 2.36.12-5.el8

    daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that

  • CVE-2019-11459 Apr 22, 2019
    affected < 2.36.12-5.el8, fixed 2.36.12-5.el8

    The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.