Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x was found that can cause DoS via crafted BMP file.
Acknowledgments: Name: Gustavo Grieco
Created gdk-pixbuf2 tracking bugs for this issue: Affects: fedora-all [bug 1378896]
Created mingw-gdk-pixbuf tracking bugs for this issue: Affects: fedora-all [bug 1378897] Affects: epel-7 [bug 1378898]
Upstream patch: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4 gdk-pixbuf 2.31.7 includes this fix.
Fix was included in man later upstream branches, including gdk-pixbuf-2.36.0 which was rebased in rhel-7.4: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4f68cb78a5277f169b9531e6998c00c7976594e4