CVE-2011-2485
published 2012-07-03
CVE-2011-2485: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote…
Priority P420 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 3.13% (86.2th percentile)
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.23.3-3.1 (bookworm) | gdk-pixbuf 2.23.3-3.1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.23.3 | — |
| gnome | gdk-pixbuf | — | — |
| gnome | gdk-pixbuf | >= 0 < 2.23.3-3.1 | 2.23.3-3.1 |
| gnome | gdk-pixbuf | >= 0 < 2.23.3-3.1 | 2.23.3-3.1 |
| gnome | gdk-pixbuf | >= 0 < 2.23.3-3.1 | 2.23.3-3.1 |
| gnome | gdk-pixbuf | >= 0 < 2.23.3-3.1 | 2.23.3-3.1 |
CVSS provenance
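| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |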
Red Hat
gdk-pixbuf: incorrect error detection in the GIF image loader
vendor_redhat·2011-06-23·CVSS 4.3
Package: evolution28-gtk2 (Red Hat Enterprise Linux 4) - Affected
Package: frysk (Red Hat Enterprise Linux 4) - Under investigation
Package: gdk-pixbuf (Red Hat Enterprise Linux 4) - Under investigation
Package: gtk2 (Red Hat Enterprise Linux 4) - Affected
Package: gdk-pixbuf (Red Hat Enterprise Linux 5) - Under investigation
Package: gtk2 (Red Hat Enterprise Linux 5) - Affected
Package: pidgin (Red Hat Enterprise Linux 5) - Affected
Package: gtk2 (Red Hat Enterprise Linux 6)
Debian
CVE-2011-2485: gdk-pixbuf - The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf bef...
vendor_debian·2011·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 2.23.3-3.1)
bullseye: resolved (fixed in 2.23.3-3.1)
forky: resolved (fixed in 2.23.3-3.1)
sid: resolved (fixed in 2.23.3-3.1)
trixie: resolved (fixed in 2.23.3-3.1)
GHSA
GHSA-5w8h-qwv6-rm5p: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif
ghsa_unreviewed·2022-05-17
OSV
CVE-2011-2485: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif
osv·2012-07-03·CVSS 4.3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2485 gdk-pixbuf: Excessive memory use due improper checking of certain return values in GIF image loader [fedora-16]
bugzilla·2011-06-24·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bu
Bugzilla
CVE-2011-2485 gdk-pixbuf: incorrect error detection in the GIF image loader
bugzilla·2011-06-22·CVSS 4.3
It was found that the gdk-pixbuf GIF image loader's gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image which, once
opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf
to return a partially initialized pixbuf structure, possibly having huge
width and height, leading to termination of that particular application due
to excessive memory use.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Mark Doliner as the original reporter.
Discussion:
Created attachment 506029
Proposed patch from Matthias Clasen
---
The CVE identifier
Bugzilla
pidgin: DoS (excessive memory consumption) by processing certain GIF images used as buddy icon
bugzilla·2011-06-20·CVSS 4.3
The following security flaw has been found in the way gdk-pixbuf, an image
loading library, loaded certain Graphics Interchange Format (GIF) image files:
It was found that the gdk-pixbuf GIF image loader's gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from its subroutines.
A remote attacker could provide a specially-crafted GIF image which, once
opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf
to return a partially initialized pixbuf structure, possibly having huge
width and height, leading to termination of that particular application due
to excessive memory use.
References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2485
[2] h
http://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.23/gdk-pixbuf-2.23.5.news
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98
http://secunia.com/advisories/45656
http://secunia.com/advisories/49715
http://security.gentoo.org/glsa/glsa-201206-20.xml
Published: 2012-07-03