First published: Fri Dec 11 2020
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next iteration of the loop will assign self->code_table[11].extends to c, which gives the value 10. This makes the loop run forever. The bug can be triggered, for example, by calling this function with a specially crafted GIF image that uses LZW compression.
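The cycle described above, and one defensive way to bound such a walk, shown as an added example that is neither gdk-pixbuf's code nor its actual fix. `CodeEntry`, `chain_length`, `walk_sample` and the `NO_PREFIX` sentinel are hypothetical names for a simplified code table, and the sample tables are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NO_PREFIX 0xFFFFu   /* assumed sentinel: entry extends no other code */

/* Simplified stand-in for an LZW code table entry (illustrative only). */
typedef struct {
    uint8_t  index;     /* pixel index this code appends */
    uint16_t extends;   /* code this entry extends, or NO_PREFIX */
} CodeEntry;

/* Walk the `extends` chain from `code`. Returns the number of entries
 * visited, or -1 if the chain leaves the table or cannot terminate. */
int chain_length(const CodeEntry *table, size_t len, uint16_t code)
{
    size_t steps = 0;
    uint16_t c = code;

    while (c != NO_PREFIX) {
        if (c >= len)
            return -1;      /* link points outside the table */
        if (++steps > len)
            return -1;      /* more hops than entries: the chain loops */
        c = table[c].extends;
    }
    return (int)steps;
}

/* Constructed 16-entry table: every code is a root except 10 and 11,
 * whose links are set by the caller. */
int walk_sample(uint16_t ext10, uint16_t ext11, uint16_t start)
{
    CodeEntry t[16];
    for (size_t i = 0; i < 16; i++) {
        t[i].index = (uint8_t)i;
        t[i].extends = NO_PREFIX;
    }
    t[10].extends = ext10;
    t[11].extends = ext11;
    return chain_length(t, 16, start);
}

int main(void)
{
    printf("10 <-> 11 cycle: %d\n", walk_sample(11, 10, 10));
    printf("11 -> 10 -> 3:   %d\n", walk_sample(3, 10, 11));
    return 0;
}
```

A walk that takes more hops than the table has entries must have revisited an entry, so the bound rejects the 10/11 cycle without affecting well-formed chains.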
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME gdk-pixbuf | <2.42.2 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =20.10 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
debian/gdk-pixbuf | <=2.40.0+dfsg-8, <=2.40.0+dfsg-10 | |
debian/gdk-pixbuf | 2.42.2+dfsg-1+deb11u2, 2.42.2+dfsg-1+deb11u1, 2.42.10+dfsg-1+deb12u1, 2.42.12+dfsg-1 |
CVE-2020-29385 is a vulnerability in GNOME gdk-pixbuf that allows a denial of service (infinite loop) in lzw.c.
The severity of CVE-2020-29385 is high with a severity value of 5.5.
CVE-2020-29385 affects GNOME gdk-pixbuf before version 2.42.2.
Yes, there are remedies available for CVE-2020-29385 in the affected software.
You can find more information about CVE-2020-29385 on the MITRE CVE website, the GNOME mailing list, and the Ubuntu Security Notices website.