Bug 715337 (CVE-2011-2485)
Summary: | CVE-2011-2485 gdk-pixbuf: incorrect error detection in the GIF image loader
---|---
Product: | [Other] Security Response
Reporter: | Jan Lieskovsky <jlieskov>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED CURRENTRELEASE
Severity: | low
Priority: | low
Version: | unspecified
CC: | bressers, extras-orphan, mbarnes, mclasen, mjc, security-response-team
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2014-06-13 16:25:07 UTC
Bug Depends On: | 716373, 837559, 837560, 837561, 837562
Bug Blocks: | 715365

Description
Jan Lieskovsky
2011-06-22 14:55:52 UTC
Created attachment 506029: Proposed patch from Matthias Clasen
The CVE identifier of CVE-2011-2485 has been assigned to this issue.

Upstream patch:
[1] http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98

This issue affects the versions of the gdk-pixbuf packages, as shipped with Red Hat Enterprise Linux 4 and 5.

--

This issue affects the versions of the gdk-pixbuf package, as shipped with Fedora release of 14 and 15.

The gdk-pixbuf2 package updates for Fedora release of 14 and 15, addressing this issue, have already been scheduled. The particular versions are:
1) gdk-pixbuf2-2.22.0-2.fc14 for Fedora 14
2) gdk-pixbuf2-2.23.3-2.fc15 for Fedora 15

Created gdk-pixbuf tracking bugs for this issue

Affects: fedora-all [bug 716373]

Matthias, you seem to have a good understanding of this issue. Do you know when this issue was introduced, and if it really affects gdk-pixbuf (0.x version for gtk+ 1.x) as mentioned in comment #8 and comment #10? My quick testing suggests it may not be affected, given that gdk_pixbuf_new_from_file() returns an error (and reports a lot of assertion failures to stderr) when trying to load the test image.

The code certainly looks like it might have the same problem. gdk_pixbuf__gif_image_load does not even look at the return value of gif_main_loop and just blindly returns the pixbuf.

*** Bug 714754 has been marked as a duplicate of this bug. ***

I'm closing this bug. There are no longer outstanding tasks open for it.