Joined: 12 May 2004
|Posted: Tue Apr 17, 2018 7:26 pm Post subject: [ GLSA 201804-14 ] GDK-PixBuf
|Gentoo Linux Security Advisory
Title: GDK-PixBuf: Remote code execution (GLSA 201804-14)
A vulnerability has been found in GDK-PixBuf that may allow a
remote attacker to execute arbitrary code.
GDK-PixBuf is an image loading library for GTK+.
Vulnerable: < 2.36.11
Unaffected: >= 2.36.11
Architectures: All supported architectures
Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw
A remote attacker, by enticing a user to process a specially crafted
image file, could execute arbitrary code or cause a Denial of Service
There is no known workaround at this time.
All GDK-PixBuf users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"