GIF: Don't return a partially initialized pixbuf structure
It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load() routine did not properly handle certain return values from their subroutines. A remote attacker could provide a specially-crafted GIF image, which once opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf to return partially initialized pixbuf structure, possibly having huge width and height, leading to that particular application termination due excessive memory use. The CVE identifier of CVE-2011-2485 has been assigned to this issue.
parent
50f15d20
Please register or sign in to comment