
List:       oss-security
Subject:    [oss-security] CVE-2011-2485 assignment notification -- gdk-pixbuf
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2011-06-24 9:12:02
Message-ID: 4E0454E2.1010401 () redhat ! com

Hello Josh, Steve, vendors,

   the following security flaw has been found in the way gdk-pixbuf, an
image loading library, loaded certain Graphics Interchange Format (GIF) 
image files:
=======================================================================

It was found that gdk-pixbuf's gdk_pixbuf__gif_image_load() GIF image
loader routine did not properly handle certain return values from its
subroutines. A remote attacker could provide a specially-crafted GIF
image which, once opened in an application linked against gdk-pixbuf,
would cause gdk-pixbuf to return a partially initialized pixbuf
structure, possibly with a huge width and height, leading to the
termination of that particular application due to excessive memory use.

The CVE identifier of CVE-2011-2485 has been assigned to this issue.

References:

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2485
[2] 
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98
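As an added illustration (not gdk-pixbuf's code and not the fix in [2]), a simplified GIF loader in C showing the pattern described above: a header subroutine fills in width and height and then fails on a truncated file; the unchecked caller drops the return status and hands back a struct with 65535x65535 dimensions, while the checked variant tests the status and bounds the size before anything downstream allocates. All names, the MAX_DIMENSION limit and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified pixbuf; not gdk-pixbuf's real GdkPixbuf. */
typedef struct { uint32_t width, height; } pixbuf_t;

enum { MAX_DIMENSION = 16384 };  /* assumed sanity limit, not a gdk-pixbuf value */

/* Parse a GIF header: signature, logical screen descriptor, then expect an
 * image descriptor (0x2C). Width/height are written as soon as they are read,
 * so on a later failure the caller's struct is already partially filled.
 * Returns 0 on success, -1 on error, like the subroutines in the advisory. */
static int read_gif_header(const uint8_t *buf, size_t len, pixbuf_t *out) {
    if (len < 13 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return -1;
    out->width  = buf[6] | (uint32_t)buf[7] << 8;
    out->height = buf[8] | (uint32_t)buf[9] << 8;
    return (len > 13 && buf[13] == 0x2C) ? 0 : -1; /* image descriptor missing */
}

/* Vulnerable pattern: the subroutine's status is dropped, so a malformed file
 * yields a pixbuf whose dimensions come straight from the file. */
pixbuf_t *load_gif_unchecked(const uint8_t *buf, size_t len) {
    pixbuf_t *pb = calloc(1, sizeof *pb);
    if (!pb) return NULL;
    read_gif_header(buf, len, pb);          /* return value ignored */
    return pb;
}

/* Hardened pattern: check the status and bound the dimensions before any
 * caller allocates width * height pixels. */
pixbuf_t *load_gif_checked(const uint8_t *buf, size_t len) {
    pixbuf_t tmp;
    if (read_gif_header(buf, len, &tmp) != 0 ||
        tmp.width == 0 || tmp.height == 0 ||
        tmp.width > MAX_DIMENSION || tmp.height > MAX_DIMENSION)
        return NULL;
    pixbuf_t *pb = malloc(sizeof *pb);
    if (pb) *pb = tmp;
    return pb;
}

/* Bytes an application would allocate for a 32-bit RGBA canvas of this size. */
uint64_t rgba_bytes(const pixbuf_t *pb) {
    return (uint64_t)pb->width * pb->height * 4u;
}

/* Constructed sample: valid signature, 65535x65535 screen, then truncated. */
const uint8_t truncated_gif[] = {
    'G','I','F','8','9','a', 0xFF,0xFF, 0xFF,0xFF, 0x00, 0x00, 0x00 };
const size_t truncated_gif_len = sizeof truncated_gif;
```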

In Pidgin, for example, this issue could lead to:
=================================================

A remote attacker could set a specially-crafted GIF image as their
buddy icon that could lead to Pidgin being terminated due to excessive
memory use.

References:
[3] https://bugzilla.redhat.com/show_bug.cgi?id=714754
[4] http://www.pidgin.im/news/security/?id=52

Credit: Issue has been discovered and reported by Mark Doliner
         of the Pidgin project.

We did not allocate a second CVE identifier for the Pidgin issue,
since the true underlying reason for this was the gdk-pixbuf image
loading library problem. This is based on the last paragraph of:
[5] http://www.openwall.com/lists/oss-security/2011/03/30/3

more exactly on the part about 'issues like incorrectly
reporting error status from an API function' (although this is not
a case of a compiler, but rather a case of a library).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team