UbuntuUpdates.org

Package "gdk-pixbuf"

Name: gdk-pixbuf

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GDK Pixbuf library - GObject-Introspection
  • GDK Pixbuf library
  • GDK Pixbuf library (thumbnailer)
  • GDK Pixbuf library - data files

Latest version: 2.40.0+dfsg-3ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: main

Links



Other versions of "gdk-pixbuf" in Focal

Repository Area Version
base main 2.40.0+dfsg-3
security main 2.40.0+dfsg-3ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.40.0+dfsg-3ubuntu0.4 2022-09-13 17:07:10 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-Buffer-Overflow
    - debian/patches/CVE-2021-44648-1.patch: Add an assertion that checks for maximum LZW code size
      in gdk-pixbuf/lzw.c.
    - debian/patches/CVE-2021-44648-2.patch: Fix the check for maximum value
      of LZW initial code size in gdk-pixbuf/io-gif.c.
    - debian/patches/CVE-2021-44648-3.patch: Add tests for GIF files with
      invalid LZW code size in tests/tests-images/fail/* and
      tests/tests-images/gif-test-suite/*.
    - debian/source/include-binaries: add tests binaries to the package
    - CVE-2021-44648

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 07 Sep 2022 12:05:42 -0300

Source diff to previous version
CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with

Version: 2.40.0+dfsg-3ubuntu0.3 2022-08-08 14:06:19 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overwrite in io-gif-animation.c
    composite_frame() (LP: #1982898)
    - debian/patches/CVE-2021-46829.patch: gif: Check for overflow
      when compositing or clearing frames.
    - CVE-2021-46829

 -- Joshua Peisach <email address hidden> Tue, 26 Jul 2022 20:42:00 -0400

Source diff to previous version
1982898 CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
CVE-2021-46829 GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated

Version: 2.40.0+dfsg-3ubuntu0.2 2021-02-22 17:06:23 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer underflow in GIF loader
    - debian/patches/CVE-2021-20240.patch: check for overflow in
      gdk-pixbuf/io-gif-animation.c.
    - CVE-2021-20240

 -- Marc Deslauriers <email address hidden> Thu, 18 Feb 2021 09:41:16 -0500

Source diff to previous version
CVE-2021-20240 integer underflow in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault

Version: 2.40.0+dfsg-3ubuntu0.1 2020-12-08 18:06:38 UTC

  gdk-pixbuf (2.40.0+dfsg-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in write_indexes
    - debian/patches/CVE-2020-29385.patch: fix LZW decoder accepting
      invalid LZW code in gdk-pixbuf/lzw.c.
    - CVE-2020-29385

 -- Marc Deslauriers <email address hidden> Tue, 08 Dec 2020 08:32:30 -0500

CVE-2020-29385 RESERVED



About   -   Send Feedback to @ubuntu_updates