CVE-2011-2485 Affecting gdk-pixbuf package, versions <2.23.3-3.1
Threat Intelligence
EPSS: 0.78% (82nd percentile)
- Snyk ID SNYK-DEBIAN8-GDKPIXBUF-345068
- published 3 Jul 2012
- disclosed 3 Jul 2012
Introduced: 3 Jul 2012
- CVE-2011-2485
How to fix?
Upgrade Debian:8 gdk-pixbuf to version 2.23.3-3.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gdk-pixbuf package and not the gdk-pixbuf package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
References
- https://security-tracker.debian.org/tracker/CVE-2011-2485
- http://security.gentoo.org/glsa/glsa-201206-20.xml
- http://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.23/gdk-pixbuf-2.23.5.news
- http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98
- http://secunia.com/advisories/45656
- http://secunia.com/advisories/49715
CVSS Scores
version 3.1