Skip to main content

Gdk Pixbuf CVE-2020-29385

MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2020-12-26 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 26, 2020 - 02:15 nvd
MEDIUM 5.5

DescriptionNVD

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

AnalysisAI

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-835. GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. Affected products include: Gnome Gdk-Pixbuf, Canonical Ubuntu Linux, Fedoraproject Fedora. Version information: before 2.42.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-2862 HIGH POC
7.8 Sep 05

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixb

CVE-2017-2870 HIGH POC
7.8 Sep 05

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when com

CVE-2017-6311 HIGH POC
7.5 Mar 10

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer der

CVE-2016-6352 HIGH POC
7.5 Oct 03

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out

CVE-2017-6313 HIGH POC
7.1 Mar 10

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause

CVE-2017-6314 MEDIUM POC
5.5 Mar 10

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of

CVE-2017-6312 MEDIUM POC
5.5 Mar 10

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation

CVE-2012-2370 MEDIUM POC
5.0 Aug 13

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote at

CVE-2021-20240 HIGH
8.8 May 28

A flaw was found in gdk-pixbuf in versions before 2.42.0. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2015-8875 HIGH
7.8 Jun 01

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_proce

CVE-2015-4491 MEDIUM
6.8 Aug 16

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Fi

CVE-2015-7673 MEDIUM
6.8 Oct 26

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to caus

Share

CVE-2020-29385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy