Bug 715337 - (CVE-2011-2485) CVE-2011-2485 gdk-pixbuf: incorrect error detection in the GIF image loader
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Keywords: Security
Duplicates: 714754
Depends On: 716373 837559 837560 837561 837562
Blocks: 715365
Reported: 2011-06-22 10:55 EDT by Jan Lieskovsky
Modified: 2015-11-24 10:05 EST
Doc Type: Bug Fix
Last Closed: 2014-06-13 12:25:07 EDT

Attachments
Proposed patch from Matthias Clasen (1.44 KB, patch)
2011-06-22 11:02 EDT, Jan Lieskovsky

Description Jan Lieskovsky 2011-06-22 10:55:52 EDT
It was found that the gdk-pixbuf GIF image loader's gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image which, once
opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf
to return a partially initialized pixbuf structure, possibly having huge
width and height, leading to termination of that particular application due
to excessive memory use.


Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Mark Doliner as the original reporter.
Comment 1 Jan Lieskovsky 2011-06-22 11:02:04 EDT
Created attachment 506029
Proposed patch from Matthias Clasen
Comment 5 Jan Lieskovsky 2011-06-22 12:40:21 EDT
The CVE identifier of CVE-2011-2485 has been assigned to this issue.
Comment 8 Jan Lieskovsky 2011-06-24 04:33:07 EDT
This issue affects the versions of the gdk-pixbuf packages, as shipped with
Red Hat Enterprise Linux 4 and 5.


This issue affects the versions of the gdk-pixbuf package, as shipped with
Fedora releases 14 and 15.

The gdk-pixbuf2 package updates for Fedora releases 14 and 15, addressing
this issue, have already been scheduled. The particular versions are:
1) gdk-pixbuf2-2.22.0-2.fc14 for Fedora 14
2) gdk-pixbuf2-2.23.3-2.fc15 for Fedora 15
Comment 10 Jan Lieskovsky 2011-06-24 04:41:29 EDT
Created gdk-pixbuf tracking bugs for this issue

Affects: fedora-all [bug 716373]
Comment 11 Tomas Hoger 2011-08-19 10:18:21 EDT
Matthias, you seem to have a good understanding of this issue.  Do you know when this issue was introduced, and if it really affects gdk-pixbuf (0.x version for gtk+ 1.x) as mentioned in comment #8 and comment #10?  My quick testing suggests it may not be affected, given that gdk_pixbuf_new_from_file() returns an error (and reports a lot of assertion failures to stderr) when trying to load the test image.
Comment 12 Matthias Clasen 2011-08-19 11:51:34 EDT
The code certainly looks like it might have the same problem. 
gdk_pixbuf__gif_image_load does not even look at the return value
of gif_main_loop and just blindly returns the pixbuf.
Comment 14 Huzaifa S. Sidhpurwala 2012-07-04 04:49:26 EDT
*** Bug 714754 has been marked as a duplicate of this bug. ***
Comment 17 Josh Bressers 2014-06-13 12:25:07 EDT
I'm closing this bug. There are no longer outstanding tasks open for it.
