Package "gir1.2-gdkpixbuf-2.0"

Name: gir1.2-gdkpixbuf-2.0


GDK Pixbuf library - GObject-Introspection

Latest version: 2.30.7-0ubuntu1.8
Release: trusty (14.04)
Level: security
Repository: main
Head package: gdk-pixbuf
Homepage: http://www.gtk.org/



Other versions of "gir1.2-gdkpixbuf-2.0" in Trusty

Repository  Area  Version
base        main  2.30.7-0ubuntu1
updates     main  2.30.7-0ubuntu1.8


Version: 2.30.7-0ubuntu1.8 2018-01-15 20:06:38 UTC

  gdk-pixbuf (2.30.7-0ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 14:47:54 -0300


Version: 2.30.7-0ubuntu1.7 2017-09-18 15:07:01 UTC
No changelog available yet.

Version: 2.30.7-0ubuntu1.6 2016-09-21 20:06:26 UTC

  gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352
  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

 -- Emily Ratliff <email address hidden> Wed, 21 Sep 2016 09:38:31 -0500

CVE-2016-6352 Write out-of-bounds
CVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of se
CVE-2015-8875 Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops

Version: 2.30.7-0ubuntu1.2 2015-10-13 20:06:27 UTC

  gdk-pixbuf (2.30.7-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Heap overflow and DoS with tga files
    - debian/patches/CVE-2015-7673-1.patch: pass on OOM conditions in
      make_weights functions in gdk-pixbuf/pixops/pixops.c
    - debian/patches/CVE-2015-7673-2.patch: Wrap TGAColormap struct in
      its own API in gdk-pixbuf/io-tga.c
    - debian/patches/CVE-2015-7673-3.patch: always parse colormaps in
  * SECURITY UPDATE: heap overflow when scaling GIF images
    - debian/patches/CVE-2015-767.patch: ensure variables are large
      enough when shifting bits in gdk-pixbuf/pixops/pixops.c

 -- Steve Beattie Thu, 08 Oct 2015 15:58:55 -0700

CVE-2015-7673 Heap overflow and DoS with a tga file

Version: 2.30.7-0ubuntu1.1 2015-08-26 15:06:44 UTC

  gdk-pixbuf (2.30.7-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow when scaling bitmap images
    - debian/patches/CVE-2015-4491-1.patch: check for overflows in
    - debian/patches/CVE-2015-4491-2.patch: also check n_x in
    - CVE-2015-4491

 -- Marc Deslauriers Tue, 18 Aug 2015 13:02:29 -0400

CVE-2015-4491 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox
