Gnome Gdk-Pixbuf vulnerabilities
33 known vulnerabilities affecting gnome/gdk-pixbuf.
Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 20, MEDIUM 11, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2005-2976 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 0.22.0-11 | 2005-11-18
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
osv
CVE-2005-0891 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 0.22.0-7.1 | 2005-05-02
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
osv
CVE-2017-6313 | P4 | HIGH | CVSS 7.1 | CWE-191 | fixed in 2.36.12 | 2017-03-10
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
nvd, osv
CVE-2005-2975 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 0.22.0-11 | 2005-11-18
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
osv
CVE-2012-2370 | P4 | MEDIUM | CVSS 5.0 | CWE-189 | ≤ 2.26.0, v2.23.3 (+6 more) | 2012-08-13
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2020-29385 | P4 | MEDIUM | CVSS 5.5 | CWE-835 | fixed in 2.42.2 | 2020-12-26
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop
nvd, osv
CVE-2011-2485 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.23.3, v2.22.1 | 2012-07-03
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.
nvd, osv
CVE-2017-6312 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | fixed in 2.36.12 | 2017-03-10
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
nvd, osv
CVE-2017-6314 | P4 | MEDIUM | CVSS 5.5 | CWE-835 | fixed in 2.36.12 | 2017-03-10
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
nvd, osv
CVE-2004-0753 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 0.22.0-7 | 2004-10-20
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
osv
CVE-2004-0788 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 0.22.0-7 | 2004-10-20
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
osv
CVE-2025-6199 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.42.2+dfsg-1+deb11u3; ≥ 0, < 2.42.10+dfsg-1+deb12u2 (+1 more) | 2025-06-17
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
osv
CVE-2004-0111 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 0.22.0-3 | 2004-04-15
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
osv