gdk-pixbuf-devel-2.42.6-3.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10779 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdk-pixbuf-devel-2.42.6-3.2 on GA media These are all security issues fixed in the gdk-pixbuf-devel-2.42.6-3.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10779 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10779 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-2862/ SUSE CVE CVE-2017-2862 page https://www.suse.com/security/cve/CVE-2017-2870/ SUSE CVE CVE-2017-2870 page https://www.suse.com/security/cve/CVE-2017-6312/ SUSE CVE CVE-2017-6312 page https://www.suse.com/security/cve/CVE-2017-6313/ SUSE CVE CVE-2017-6313 page https://www.suse.com/security/cve/CVE-2020-29385/ SUSE CVE CVE-2020-29385 page openSUSE Tumbleweed gdk-pixbuf-devel-2.42.6-3.2 gdk-pixbuf-devel-32bit-2.42.6-3.2 gdk-pixbuf-lang-2.42.6-3.2 gdk-pixbuf-query-loaders-2.42.6-3.2 gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 gdk-pixbuf-thumbnailer-2.42.6-3.2 libgdk_pixbuf-2_0-0-2.42.6-3.2 libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 gdk-pixbuf-devel-2.42.6-3.2 as a component of openSUSE Tumbleweed gdk-pixbuf-devel-32bit-2.42.6-3.2 as a component of openSUSE Tumbleweed gdk-pixbuf-lang-2.42.6-3.2 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-2.42.6-3.2 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 as a component of openSUSE Tumbleweed gdk-pixbuf-thumbnailer-2.42.6-3.2 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-2.42.6-3.2 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 as a component of openSUSE Tumbleweed typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 as a component of openSUSE Tumbleweed typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 as a component of openSUSE Tumbleweed An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. CVE-2017-2862 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2862.html CVE-2017-2862 https://bugzilla.suse.com/1048289 SUSE Bug 1048289 An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. CVE-2017-2870 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2870.html CVE-2017-2870 https://bugzilla.suse.com/1048289 SUSE Bug 1048289 https://bugzilla.suse.com/1048544 SUSE Bug 1048544 Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. CVE-2017-6312 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6312.html CVE-2017-6312 https://bugzilla.suse.com/1027024 SUSE Bug 1027024 https://bugzilla.suse.com/1027026 SUSE Bug 1027026 Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. CVE-2017-6313 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6313.html CVE-2017-6313 https://bugzilla.suse.com/1027024 SUSE Bug 1027024 GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. CVE-2020-29385 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.6-3.2 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.6-3.2 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.6-3.2 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.6-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-29385.html CVE-2020-29385 https://bugzilla.suse.com/1180393 SUSE Bug 1180393