Fluid Attacks Database

Description

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.19	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.7	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.6	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.16	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.8	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
debian 12	gdk-pixbuf	>=0 <2.36.11-2	2.36.11-2
debian 14	gdk-pixbuf	>=0 <2.36.11-2	2.36.11-2
alpine v3.11	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.15	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1
alpine v3.21	gdk-pixbuf	=2.22.0-r0 \|\| =2.22.0-r1 \|\| =2.22.0-r2 \|\| =2.22.0-r3 \|\| =2.22.1-r0 \|\| =2.22.1-r1 \|\| =2.22.1-r2 \|\| =2.22.1-r3 \|\| =2.24.0-r0 \|\| =2.24.0-r1 \|\| =2.24.0-r2 \|\| =2.26.1-r0 \|\| =2.26.1-r1 \|\| =2.26.1-r2 \|\| =2.26.4-r0 \|\| =2.26.4-r1 \|\| =2.26.5-r0 \|\| =2.28.0-r0 \|\| =2.28.2-r0 \|\| =2.28.2-r1 \|\| =2.30.0-r0 \|\| =2.30.7-r0 \|\| =2.31.5-r0 \|\| =2.32.1-r0 \|\| =2.32.2-r0 \|\| =2.34.0-r0 \|\| =2.34.0-r1 \|\| =2.34.0-r2 \|\| =2.36.0-r0 \|\| =2.36.2-r0 \|\| =2.36.5-r0 \|\| =2.36.6-r0 \|\| >=0 <2.36.6-r1	2.36.6-r1

1-10 of 26

Aliases

1. CVE-2017-63122. NVD-2017-63123. OSV-ALPINE-2017-63124. OSV-2017-63125. OSV-DEBIAN-2017-63126. SECURITY-CVE-2017-63127. SECURITY-TRACKER-CVE-2017-6312

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.