Package "gir1.2-gdkpixbuf-2.0"

Name: gir1.2-gdkpixbuf-2.0


GDK Pixbuf library - GObject-Introspection

Latest version: 2.32.2-1ubuntu1.6
Release: xenial (16.04)
Level: security
Repository: main
Head package: gdk-pixbuf
Homepage: http://www.gtk.org/



Other versions of "gir1.2-gdkpixbuf-2.0" in Xenial

Repository         Area   Version
base               main   2.32.2-1ubuntu1
updates            main   2.32.2-1ubuntu1.6
PPA: Gnome Shell          2.33.2-0ubuntu1~xenial1


Version: 2.32.2-1ubuntu1.6 2019-03-20 19:06:55 UTC

  gdk-pixbuf (2.32.2-1ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: stack corruption via crafted file folder
    - debian/patches/CVE-2017-12447-1.patch: reject bogus depth in
    - debian/patches/CVE-2017-12447-2.patch: reject impossible palette
      size in gdk-pixbuf/io-bmp.c.
    - CVE-2017-12447

 -- Marc Deslauriers <email address hidden> Wed, 20 Mar 2019 11:43:33 -0400

CVE-2017-12447 GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack c

Version: 2.32.2-1ubuntu1.4 2018-01-15 20:06:40 UTC

  gdk-pixbuf (2.32.2-1ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gif_get_lzw function
    - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
    - CVE-2017-1000422
  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 15:01:31 -0300


Version: 2.32.2-1ubuntu1.3 2017-09-18 15:07:05 UTC
No changelog available yet.

Version: 2.32.2-1ubuntu1.2 2016-09-21 20:06:27 UTC

  gdk-pixbuf (2.32.2-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352

 -- Emily Ratliff <email address hidden> Tue, 20 Sep 2016 11:21:58 -0500

CVE-2016-6352 Write out-of-bounds
