Bug 715337 (CVE-2011-2485) - CVE-2011-2485 gdk-pixbuf: incorrect error detection in the GIF image loader
Summary: CVE-2011-2485 gdk-pixbuf: incorrect error detection in the GIF image loader
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2011-2485
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Duplicates: 714754
Depends On: 716373 837559 837560 837561 837562
Blocks: 715365
Reported: 2011-06-22 14:55 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:45 UTC
CC: 6 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 16:25:07 UTC


Attachments
Proposed patch from Matthias Clasen (1.44 KB, patch)
2011-06-22 15:02 UTC, Jan Lieskovsky

Description Jan Lieskovsky 2011-06-22 14:55:52 UTC
It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load()
did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image which, once
opened in an application linked against gdk-pixbuf, would cause gdk-pixbuf
to return a partially initialized pixbuf structure, possibly having huge
width and height, leading to termination of that particular application due
to excessive memory use.

Acknowledgements:

Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Mark Doliner as the original reporter.

Comment 1 Jan Lieskovsky 2011-06-22 15:02:04 UTC
Created attachment 506029
Proposed patch from Matthias Clasen

Comment 5 Jan Lieskovsky 2011-06-22 16:40:21 UTC
The CVE identifier of CVE-2011-2485 has been assigned to this issue.

Comment 8 Jan Lieskovsky 2011-06-24 08:33:07 UTC
This issue affects the versions of the gdk-pixbuf packages as shipped with
Red Hat Enterprise Linux 4 and 5.

--

This issue affects the versions of the gdk-pixbuf package as shipped with
Fedora releases 14 and 15.

The gdk-pixbuf2 package updates for Fedora releases 14 and 15 addressing
this issue have already been scheduled. The particular versions are:
1) gdk-pixbuf2-2.22.0-2.fc14 for Fedora 14
2) gdk-pixbuf2-2.23.3-2.fc15 for Fedora 15

Comment 10 Jan Lieskovsky 2011-06-24 08:41:29 UTC
Created gdk-pixbuf tracking bugs for this issue

Affects: fedora-all [bug 716373]

Comment 11 Tomas Hoger 2011-08-19 14:18:21 UTC
Matthias, you seem to have a good understanding of this issue.  Do you know when this issue was introduced, and if it really affects gdk-pixbuf (0.x version for gtk+ 1.x) as mentioned in comment #8 and comment #10?  My quick testing suggests it may not be affected, given that gdk_pixbuf_new_from_file() returns an error (and reports a lot of assertion failures to stderr) when trying to load the test image.

Comment 12 Matthias Clasen 2011-08-19 15:51:34 UTC
The code certainly looks like it might have the same problem.
gdk_pixbuf__gif_image_load does not even look at the return value
of gif_main_loop and just blindly returns the pixbuf.
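A reduced model of the unchecked-return pattern described in the bug description and in comment 12, added here as an illustration and not gdk-pixbuf's actual code: the names gif_main_loop, Pixbuf, GifContext and both load functions are hypothetical, and the GIF bytes are constructed. The first loader discards the parser's status and hands back a pixbuf whose dimensions were already set from the header; the second treats any status other than GIF_DONE as failure and releases the partial object.

```c
/* Model of the CVE-2011-2485 pattern: a loader that ignores its parser's
 * status and returns a pixbuf whose width/height were already filled in.
 * Hypothetical code, not gdk-pixbuf's; the GIF bytes below are constructed. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int width, height; } Pixbuf;
typedef struct { const uint8_t *buf; size_t len; Pixbuf *pixbuf; } GifContext;
enum { GIF_DONE = 0, GIF_ERROR = -1 };

/* Parse the header and logical screen descriptor, then require an image
 * descriptor (','); width/height are stored BEFORE that second check fails. */
static int gif_main_loop(GifContext *ctx)
{
    if (ctx->len < 13 || memcmp(ctx->buf, "GIF89a", 6) != 0)
        return GIF_ERROR;
    ctx->pixbuf->width  = ctx->buf[6] | (ctx->buf[7] << 8);
    ctx->pixbuf->height = ctx->buf[8] | (ctx->buf[9] << 8);
    if (ctx->len < 14 || ctx->buf[13] != ',')
        return GIF_ERROR;              /* truncated: no image data follows */
    return GIF_DONE;
}

/* Vulnerable shape: the status of gif_main_loop is discarded. */
Pixbuf *gif_load_unchecked(const uint8_t *buf, size_t len)
{
    Pixbuf *pb = calloc(1, sizeof *pb);
    if (!pb) return NULL;
    GifContext ctx = { buf, len, pb };
    gif_main_loop(&ctx);
    return pb;          /* partially initialized; caller trusts its dimensions */
}

/* Hardened shape: propagate the failure and release the partial pixbuf. */
Pixbuf *gif_load_checked(const uint8_t *buf, size_t len)
{
    Pixbuf *pb = calloc(1, sizeof *pb);
    if (!pb) return NULL;
    GifContext ctx = { buf, len, pb };
    if (gif_main_loop(&ctx) != GIF_DONE) { free(pb); return NULL; }
    return pb;
}

/* Constructed inputs: 13 bytes with a valid signature and a 65535x65535 screen
 * but no image data (4*w*h pixel bytes is ~16 GiB), then the same plus ','. */
const uint8_t TRUNCATED_GIF[13] =
    { 'G','I','F','8','9','a', 0xFF,0xFF, 0xFF,0xFF, 0, 0, 0 };
const uint8_t MINIMAL_GIF[14] =
    { 'G','I','F','8','9','a', 0xFF,0xFF, 0xFF,0xFF, 0, 0, 0, ',' };
```

An application that sizes its pixel allocation from the returned width and height is the one that fails, which is why the fix belongs in the loader rather than in every caller.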

Comment 14 Huzaifa S. Sidhpurwala 2012-07-04 08:49:26 UTC
*** Bug 714754 has been marked as a duplicate of this bug. ***

Comment 17 Josh Bressers 2014-06-13 16:25:07 UTC
I'm closing this bug. There are no longer outstanding tasks open for it.
