GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table.extends will assign the value 11 to c. The next execution in the loop will assign self->code_table.extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Created gdk-pixbuf2 tracking bugs for this issue:
Affects: fedora-all [bug 1927239]
The issue was introduced in version 2.40.0:
Created mingw-gdk-pixbuf tracking bugs for this issue:
Affects: fedora-all [bug 1928673]