CVE-2020-29385 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Denial of service
Description	A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A malformed GIF image could lead to an endless loop in the write_indexes function in gdk-pixbuf/lzw.c, taking full CPU resources and leading to a denial of service.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1329	lib32-gdk-pixbuf2	2.42.0-2	2.42.2-1	Medium	Fixed
AVG-1328	gdk-pixbuf2	2.42.0-2	2.42.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
09 Dec 2020	ASA-202012-20	AVG-1329	lib32-gdk-pixbuf2	Medium	denial of service
09 Dec 2020	ASA-202012-19	AVG-1328	gdk-pixbuf2	Medium	denial of service

References
https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 https://gitlab.gnome.org/GNOME/gdk-pixbuf/uploads/2838c96bb111a93d845b95c53b8953e3/gif_lzw_PoC.tar.gz https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/92 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81

References

https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
https://gitlab.gnome.org/GNOME/gdk-pixbuf/uploads/2838c96bb111a93d845b95c53b8953e3/gif_lzw_PoC.tar.gz
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/92
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81