Denial of Service in GNOME gdk-pixbuf Due to LZW Compression Issue
CVE-2020-29385

5.5 MEDIUM

Key Information:

Vendor: Gnome
CVE Published: 26 December 2020

What is CVE-2020-29385?

The gdk-pixbuf library versions prior to 2.42.2 are susceptible to a denial of service vulnerability triggered by an infinite loop in lzw.c during the processing of specially crafted GIF images with LZW compression. Specifically, the function write_indexes can enter an infinite loop if certain conditions involving the code table are met, which may allow an attacker to disrupt normal operations of applications using this library.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
