CVE-2020-29385: Infinite Loop in Gdk-pixbuf

CWE-835: Infinite Loop | 7 documents | 7 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.6% (top 29.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 26
Latest update: May 24

Description

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: gnome/gdk-pixbuf < 2.42.2
Debian: gnome/gdk-pixbuf < 2.42.2+dfsg-1+3

Also affects: Fedora 33, 34, Ubuntu Linux 20.04, 20.10

Patches

Vulnerability Details (3)

GHSA (2022-05-24): GHSA-wf85-g3p6-xf4h: GNOME gdk-pixbuf (aka GdkPixbuf) before 2
OSV (2020-12-26): CVE-2020-29385: GNOME gdk-pixbuf (aka GdkPixbuf) before 2
CVEList (2020-12-26): CVE-2020-29385: GNOME gdk-pixbuf (aka GdkPixbuf) before 2

Vendor Advisories (3)

Ubuntu (2020-12-08): GDK-PixBuf vulnerability
Red Hat (2020-12-08): gdk-pixbuf: DoS in lzw.c
Debian (2020): CVE-2020-29385: gdk-pixbuf - GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infin...