Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the io-gif.c:gif_get_lzw() function resulting in memory corruption and potential code execution.

References:
https://bugzilla.gnome.org/show_bug.cgi?id=785973
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e06
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000422
https://bugzilla.novell.com/show_bug.cgi?id=1074462

Analysis: When rendering very large GIF files, gdk-pixbuf2 would previously fail after attempting to allocate memory because of a possible integer overflow, since frame_len * frame_height would result in an overflow. The patch fixing this CVE (https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e06) detects the overflow before attempting to allocate memory. Therefore essentially the flaw is already mitigated in the existing code. It is preferable to be able to detect an overflow before attempting to allocate memory, but not doing so should not be a flaw in itself.
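
The difference between multiplying first and checking first, as an added example that is not the gdk-pixbuf code or the upstream patch. The function names, the 32-bit unsigned types and the sample dimensions are assumptions chosen for illustration; only the names frame_len and frame_height come from the analysis above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked form: the product is computed in 32 bits and silently wraps,
 * so a caller sizing a buffer from it gets a value that is too small. */
static uint32_t frame_bytes_wrapping(uint32_t frame_len, uint32_t frame_height)
{
    return frame_len * frame_height;
}

/* Checked form: returns 0 and stores the product in *out only when it is
 * representable in 32 bits; returns -1 and leaves *out untouched on
 * overflow or on a zero dimension. */
static int frame_bytes_checked(uint32_t frame_len, uint32_t frame_height,
                               uint32_t *out)
{
    if (frame_len == 0 || frame_height == 0)
        return -1;
    if (frame_len > UINT32_MAX / frame_height)   /* product would wrap */
        return -1;
    *out = frame_len * frame_height;
    return 0;
}

/* Allocate a zeroed frame buffer, rejecting the size before any allocation
 * is attempted if the product cannot be represented. */
static unsigned char *alloc_frame(uint32_t frame_len, uint32_t frame_height)
{
    uint32_t n;
    if (frame_bytes_checked(frame_len, frame_height, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: 0x10000 * 0x10001 = 2^32 + 0x10000. */
    uint32_t len = 0x10000u, height = 0x10001u;
    unsigned char *ok = alloc_frame(640, 480);
    unsigned char *bad = alloc_frame(len, height);

    printf("wrapped size: %u bytes\n", (unsigned)frame_bytes_wrapping(len, height));
    printf("640x480 allocated: %s\n", ok ? "yes" : "no");
    printf("oversized frame rejected: %s\n", bad == NULL ? "yes" : "no");
    free(ok);
    free(bad);
    return 0;
}
```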