REDHAT-BUG-2260545
First published: Fri Jan 26 2024(Updated: )
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. <a href="https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202">https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GdkPixbuf | <=2.42.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2260545?
REDHAT-BUG-2260545 is classified as a critical vulnerability due to potential heap memory corruption.
How do I fix REDHAT-BUG-2260545?
To fix REDHAT-BUG-2260545, upgrade your GNOME GdkPixbuf to version 2.42.10 or later.
What types of attacks can REDHAT-BUG-2260545 enable?
REDHAT-BUG-2260545 can enable remote code execution or denial of service attacks through crafted ANI files.
Which versions of GNOME GdkPixbuf are affected by REDHAT-BUG-2260545?
Versions of GNOME GdkPixbuf up to and including 2.42.10 are affected by REDHAT-BUG-2260545.
What is the impact of exploiting REDHAT-BUG-2260545?
Exploiting REDHAT-BUG-2260545 could lead to heap metadata corruption and potentially disrupt system functionality.
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-48622
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnome
- canonical/gdkpixbuf