gdk-pixbuf-devel-2.42.12-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13967 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdk-pixbuf-devel-2.42.12-1.1 on GA media These are all security issues fixed in the gdk-pixbuf-devel-2.42.12-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13967 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13967 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-48622/ SUSE CVE CVE-2022-48622 page openSUSE Tumbleweed gdk-pixbuf-devel-2.42.12-1.1 gdk-pixbuf-devel-32bit-2.42.12-1.1 gdk-pixbuf-lang-2.42.12-1.1 gdk-pixbuf-query-loaders-2.42.12-1.1 gdk-pixbuf-query-loaders-32bit-2.42.12-1.1 gdk-pixbuf-thumbnailer-2.42.12-1.1 libgdk_pixbuf-2_0-0-2.42.12-1.1 libgdk_pixbuf-2_0-0-32bit-2.42.12-1.1 typelib-1_0-GdkPixbuf-2_0-2.42.12-1.1 typelib-1_0-GdkPixdata-2_0-2.42.12-1.1 gdk-pixbuf-devel-2.42.12-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-devel-32bit-2.42.12-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-lang-2.42.12-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-2.42.12-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-query-loaders-32bit-2.42.12-1.1 as a component of openSUSE Tumbleweed gdk-pixbuf-thumbnailer-2.42.12-1.1 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-2.42.12-1.1 as a component of openSUSE Tumbleweed libgdk_pixbuf-2_0-0-32bit-2.42.12-1.1 as a component of openSUSE Tumbleweed typelib-1_0-GdkPixbuf-2_0-2.42.12-1.1 as a component of openSUSE Tumbleweed typelib-1_0-GdkPixdata-2_0-2.42.12-1.1 as a component of openSUSE Tumbleweed In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. CVE-2022-48622 openSUSE Tumbleweed:gdk-pixbuf-devel-2.42.12-1.1 openSUSE Tumbleweed:gdk-pixbuf-devel-32bit-2.42.12-1.1 openSUSE Tumbleweed:gdk-pixbuf-lang-2.42.12-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-2.42.12-1.1 openSUSE Tumbleweed:gdk-pixbuf-query-loaders-32bit-2.42.12-1.1 openSUSE Tumbleweed:gdk-pixbuf-thumbnailer-2.42.12-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-2.42.12-1.1 openSUSE Tumbleweed:libgdk_pixbuf-2_0-0-32bit-2.42.12-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixbuf-2_0-2.42.12-1.1 openSUSE Tumbleweed:typelib-1_0-GdkPixdata-2_0-2.42.12-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-48622.html CVE-2022-48622 https://bugzilla.suse.com/1219276 SUSE Bug 1219276 https://bugzilla.suse.com/1220293 SUSE Bug 1220293