Fluid Attacks Database

Description

The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gdk-pixbuf	>=0 <2.23.3-3.1	2.23.3-3.1
debian 12	gdk-pixbuf	>=0 <2.23.3-3.1	2.23.3-3.1
debian 14	gdk-pixbuf	>=0 <2.23.3-3.1	2.23.3-3.1
debian 13	gdk-pixbuf	>=0 <2.23.3-3.1	2.23.3-3.1
rpm rhel5	gtk2	-	-
rpm rhel6	gtk2	-	-
rpm rhel6	pidgin	-	-
rpm rhel5	pidgin	-	-

Aliases

1. CVE-2011-24852. NVD-2011-24853. OSV-DEBIAN-2011-24854. OSV-2011-24855. SECURITY-TRACKER-CVE-2011-2485

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.