Codebase list gdk-pixbuf / 18d51b7
Import NMU by the security team
git-svn-id: file:///svn/pkg-gnome/desktop/unstable/gdk-pixbuf@28700 db0db5de-e4c8-0310-9441-90abf70311f7
Michael Biebl 12 years ago
4 changed file(s) with 66 addition(s) and 1 deletion(s).
0 gdk-pixbuf (2.23.3-3.1) unstable; urgency=high
1
2 * Non-maintainer upload by the Security Team.
3 * Fix improper check of gif_main_loop() resulting in DoS conditions
4 on specially crafted GIF images (CVE-2011-2485; Closes: #631524)
5
6 -- Nico Golde <nion@debian.org> Tue, 28 Jun 2011 21:59:16 +0200
7
08 gdk-pixbuf (2.23.3-3) unstable; urgency=low
19
210 * Move the mime.cache generation from gtk+ udebs to this one, since
66 Section: libs
77 Priority: optional
88 Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
9 Uploaders: Emilio Pozuelo Monfort <pochu@debian.org>, Josselin Mouette <joss@debian.org>, Laurent Bigonville <bigon@debian.org>, Sebastian Dröge <slomo@debian.org>
9 Uploaders: Emilio Pozuelo Monfort <pochu@debian.org>, Josselin Mouette <joss@debian.org>, Laurent Bigonville <bigon@debian.org>
1010 Build-Depends: cdbs (>= 0.4.90~),
1111 debhelper (>= 7),
1212 autotools-dev,
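Review bot: The Uploaders line in this hunk drops Sebastian Dröge <slomo@debian.org>, which is unrelated to the security fix and is not mentioned in the 2.23.3-3.1 changelog entry, which lists only the CVE-2011-2485 change. A non-maintainer upload should carry only the targeted fix: restore the previous Uploaders line if the edit is a side effect of regenerating the file, or record it in the changelog entry if it is intended.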
0 From f8569bb13e2aa1584dde61ca545144750f7a7c98 Mon Sep 17 00:00:00 2001
1 From: Matthias Clasen <mclasen@redhat.com>
2 Date: Fri, 24 Jun 2011 05:09:35 +0000
3 Subject: GIF: Don't return a partially initialized pixbuf structure
4
5 It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
6 routine did not properly handle certain return values from their subroutines.
7 A remote attacker could provide a specially-crafted GIF image, which once
8 opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
9 to return partially initialized pixbuf structure, possibly having huge
10 width and height, leading to that particular application termination due
11 excessive memory use.
12
13 The CVE identifier of CVE-2011-2485 has been assigned to this issue.
14 ---
15 diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
16 index 0b370ee..8a1fa3e 100644
17 --- a/gdk-pixbuf/io-gif.c
18 +++ b/gdk-pixbuf/io-gif.c
19 @@ -1455,6 +1455,7 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
20 {
21 GifContext *context;
22 GdkPixbuf *pixbuf;
23 + gint retval;
24
25 g_return_val_if_fail (file != NULL, NULL);
26
27 @@ -1472,19 +1473,25 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
28 context->error = error;
29 context->stop_after_first_frame = TRUE;
30
31 - if (gif_main_loop (context) == -1 || context->animation->frames == NULL) {
32 + retval = gif_main_loop (context);
33 + if (retval == -1 || context->animation->frames == NULL) {
34 if (context->error && *(context->error) == NULL)
35 g_set_error_literal (context->error,
36 GDK_PIXBUF_ERROR,
37 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
38 _("GIF file was missing some data (perhaps it was truncated somehow?)"));
39 }
40 + else if (retval == -2) {
41 + pixbuf = NULL;
42 + goto out;
43 + }
44
45 pixbuf = gdk_pixbuf_animation_get_static_image (GDK_PIXBUF_ANIMATION (context->animation));
46
47 if (pixbuf)
48 g_object_ref (pixbuf);
49
50 +out:
51 g_object_unref (context->animation);
52
53 g_free (context->buf);
54 --
55 cgit v0.9
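Review bot: In the second io-gif.c hunk, the new `else if (retval == -2)` branch returns NULL through `out:` without checking that a GError has been set, while the `retval == -1` branch just above it guards with `*(context->error) == NULL` before setting GDK_PIXBUF_ERROR_CORRUPT_IMAGE. Unless gif_main_loop() always sets the error before returning -2 (not visible in these lines), a caller can receive NULL with *error still unset, so the same guard belongs in the -2 branch. The `retval == -1 || context->animation->frames == NULL` branch also still falls through to gdk_pixbuf_animation_get_static_image() after setting the error, so a pixbuf can be returned together with a set error; setting pixbuf = NULL and jumping to `out` there would make both failure paths behave alike. The bare -1 and -2 return codes would be easier to audit with a short comment or named constants at this call site.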
00 041_ia32-libs.patch
1 CVE-2011-2485.patch