CVE-2020-29385 - log back

CVE-2020-29385 edited at 08 Dec 2020 00:32:12
Description
- A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A malformed GIF image could lead to an endless loop taking full CPU resources, leading to a denial of service.
+ A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A malformed GIF image could lead to an endless loop in the write_indexes function in gdk-pixbuf/lzw.c, taking full CPU resources and leading to a denial of service.
CVE-2020-29385 edited at 08 Dec 2020 00:30:23
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A malformed GIF image could lead to an endless loop taking full CPU resources, leading to a denial of service.
References
+ https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html
+ https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
+ https://gitlab.gnome.org/GNOME/gdk-pixbuf/uploads/2838c96bb111a93d845b95c53b8953e3/gif_lzw_PoC.tar.gz
+ https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/92
+ https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81
Notes
CVE-2020-29385 created at 08 Dec 2020 00:21:35