The following security flaw has been found in the way gdk-pixbuf, an image loading library, loaded certain Graphics Interchange Format (GIF) image files:
==============================================================================

It was found that the gdk-pixbuf GIF image loader's gdk_pixbuf__gif_image_load() routine did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf to return a partially initialized pixbuf structure, possibly having huge width and height, leading to termination of that particular application due to excessive memory use.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2485
[2] http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98

For Pidgin the above gdk-pixbuf library deficiency would mean:
==============================================================

A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use.

References:
[3] http://www.pidgin.im/news/security/?id=52

Acknowledgements:

Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Mark Doliner as the original reporter.
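As an added example (not part of the original report, and not the upstream gdk-pixbuf or Pidgin fix), a caller-side sanity check of the geometry a decoder reports, applied before a buddy icon is scaled or copied. The struct, function name and limits are assumptions; the values would be read back with gdk_pixbuf_get_width() and the related getters.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical caller-side limits (assumptions; tune per application). */
#define ICON_MAX_DIM   4096u                 /* max width or height, pixels */
#define ICON_MAX_BYTES (64u * 1024u * 1024u) /* max decoded pixel buffer */

/* Geometry read back from the decoded image, e.g. via gdk_pixbuf_get_width(),
 * _get_height(), _get_n_channels() and _get_rowstride(). Hypothetical struct. */
struct decoded_info {
    int width, height, n_channels, rowstride;
};

enum icon_verdict { ICON_OK = 0, ICON_BAD_DIMS, ICON_BAD_LAYOUT, ICON_TOO_LARGE };

/* Reject images whose reported geometry is nonsensical or would exceed the
 * memory budget, before any scaling or copying is attempted. */
enum icon_verdict check_decoded_icon(const struct decoded_info *d)
{
    if (d == NULL || d->width <= 0 || d->height <= 0)
        return ICON_BAD_DIMS;
    if ((unsigned)d->width > ICON_MAX_DIM || (unsigned)d->height > ICON_MAX_DIM)
        return ICON_BAD_DIMS;
    if (d->n_channels != 3 && d->n_channels != 4)   /* RGB or RGBA only */
        return ICON_BAD_LAYOUT;

    /* 64-bit arithmetic; operands are already bounded, so this cannot wrap. */
    uint64_t min_row = (uint64_t)d->width * (uint64_t)d->n_channels;
    if (d->rowstride <= 0 || (uint64_t)d->rowstride < min_row)
        return ICON_BAD_LAYOUT;

    /* Every row but the last occupies rowstride bytes; the last needs min_row. */
    uint64_t total = (uint64_t)d->rowstride * (uint64_t)(d->height - 1) + min_row;
    if (total > ICON_MAX_BYTES)
        return ICON_TOO_LARGE;
    return ICON_OK;
}

int main(void)
{
    /* Constructed samples: a sane 96x96 RGBA icon and an absurd geometry. */
    struct decoded_info ok = { 96, 96, 4, 384 };
    struct decoded_info huge = { 2000000000, 2000000000, 4, 384 };
    return (check_decoded_icon(&ok) == ICON_OK &&
            check_decoded_icon(&huge) == ICON_BAD_DIMS) ? 0 : 1;
}
```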
This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue affects the versions of the pidgin package, as shipped with Fedora releases 13, 14, and 15.
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 716377]
Relevant upstream patch:
[4] http://developer.pidgin.im/viewmtn/revision/info/e802003adbf0be4496de3de8ac03b47c1e471d00
*** This bug has been marked as a duplicate of bug 715337 ***