Fluid Attacks Database

Description

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.18	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.10-r1 \|\| =2.42.10-r2 \|\| =2.42.10-r3 \|\| =2.42.10-r4 \|\| =2.42.10-r5 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
debian 13	gdk-pixbuf	>=0 <2.42.12+dfsg-1	2.42.12+dfsg-1
debian 11	gdk-pixbuf	=2.42.2+dfsg-1 \|\| =2.42.2+dfsg-1+deb11u1 \|\| >=0 <2.42.2+dfsg-1+deb11u2	2.42.2+dfsg-1+deb11u2
alpine v3.17	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
alpine v3.19	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.10-r1 \|\| =2.42.10-r2 \|\| =2.42.10-r3 \|\| =2.42.10-r4 \|\| =2.42.10-r5 \|\| =2.42.10-r6 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
alpine v3.20	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.10-r1 \|\| =2.42.10-r2 \|\| =2.42.10-r3 \|\| =2.42.10-r4 \|\| =2.42.10-r5 \|\| =2.42.10-r6 \|\| =2.42.11-r0 \|\| =2.42.11-r1 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
alpine v3.21	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.10-r1 \|\| =2.42.10-r2 \|\| =2.42.10-r3 \|\| =2.42.10-r4 \|\| =2.42.10-r5 \|\| =2.42.10-r6 \|\| =2.42.11-r0 \|\| =2.42.11-r1 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
alpine v3.22	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.10-r0 \|\| =2.36.11-r0 \|\| =2.36.11-r1 \|\| =2.36.11-r2 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| =2.36.6-r1 \|\| =2.36.8-r0 \|\| =2.38.1-r0 \|\| =2.38.2-r0 \|\| =2.40.0-r0 \|\| =2.40.0-r1 \|\| =2.40.0-r2 \|\| =2.42.0-r0 \|\| =2.42.10-r0 \|\| =2.42.10-r1 \|\| =2.42.10-r2 \|\| =2.42.10-r3 \|\| =2.42.10-r4 \|\| =2.42.10-r5 \|\| =2.42.10-r6 \|\| =2.42.11-r0 \|\| =2.42.11-r1 \|\| =2.42.2-r0 \|\| =2.42.4-r0 \|\| =2.42.6-r0 \|\| =2.42.8-r0 \|\| =2.42.9-r0 \|\| =2.42.9-r1 \|\| >=0 <2.42.12-r0	2.42.12-r0
debian 12	gdk-pixbuf	=2.42.10+dfsg-1 \|\| >=0 <2.42.10+dfsg-1+deb12u1	2.42.10+dfsg-1+deb12u1
debian 14	gdk-pixbuf	>=0 <2.42.12+dfsg-1	2.42.12+dfsg-1

1-10 of 15

Aliases

1. CVE-2022-486222. NVD-2022-486223. OSV-ALPINE-2022-486224. OSV-2022-486225. OSV-DEBIAN-2022-486226. SECURITY-CVE-2022-486227. SECURITY-TRACKER-CVE-2022-48622

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.