gdk-pixbuf2-2.42.6-3.el9

エラータID: AXSA:2023-5591:01

Release date: 
Monday, May 29, 2023 - 06:21
Subject: 
gdk-pixbuf2-2.42.6-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.

Security Fix(es):

* gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data (CVE-2021-44648)
* gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files (CVE-2021-46829)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVE-2021-46829
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Solution: 

Update packages.

CVEs: 
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVE-2021-46829
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Additional Info: 

N/A

Download: 

SRPMS
  1. gdk-pixbuf2-2.42.6-3.el9.src.rpm
    MD5: e6be16c0b12b3bad953c81729b3e3d43
    SHA-256: 7ca3f51a4ea79161dd91ff4864e762a94a2e46dee76e8344a12bd70b61bad113
    Size: 7.37 MB

Asianux Server 9 for x86_64
  1. gdk-pixbuf2-2.42.6-3.el9.i686.rpm
    MD5: 45a9239ada41fd811c5e167d9acc7ab5
    SHA-256: 595cf6d0da2d0f5784844785e26fd31f79a7c0428aa889a0f1cdb881749d7a2b
    Size: 474.23 kB
  2. gdk-pixbuf2-2.42.6-3.el9.x86_64.rpm
    MD5: ca3c8e115eaa057a3b1793c27b684e18
    SHA-256: 538910ddde3137245f490a62a33f03e46461772f581ca501f67ec3604e00ffa3
    Size: 466.34 kB
  3. gdk-pixbuf2-devel-2.42.6-3.el9.i686.rpm
    MD5: 97eb504aa079dd5119df0fdc409a96c9
    SHA-256: 3326046b0a3f00f4714ec7e92c49733eb9768ccd6feb23258c2aa90d0f458c5f
    Size: 63.79 kB
  4. gdk-pixbuf2-devel-2.42.6-3.el9.x86_64.rpm
    MD5: 2a72d2e4de2bac1102a0cf350223f6b7
    SHA-256: d933b8a0a4dfcea98c1dc27cfc610e58c4f5799d75a1a0cbd7c32a340c5b18ec
    Size: 63.52 kB
  5. gdk-pixbuf2-modules-2.42.6-3.el9.i686.rpm
    MD5: a5d4934eaf012249a3781bbf603e96d6
    SHA-256: b8a3934d0942318e34e8d1c5172b549ed05827edcff572e251ff5cde6d50f9a3
    Size: 88.66 kB
  6. gdk-pixbuf2-modules-2.42.6-3.el9.x86_64.rpm
    MD5: 7bec70904b85c67cbf1d6567d2ef9fab
    SHA-256: 272704a8efd14b319f819a9b4d4194927642749c9b07c1cb41b96491244d4529
    Size: 84.16 kB