Filtered by vendor Gnome Subscriptions
Filtered by product Gdkpixbuf Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-6199 2 Gnome, Redhat 2 Gdkpixbuf, Enterprise Linux 2025-08-21 3.3 Low
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
CVE-2004-0753 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
CVE-2004-0783 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVE-2005-2975 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVE-2004-0782 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVE-2004-0788 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
CVE-2005-3186 3 Gnome, Gtk, Redhat 3 Gdkpixbuf, Gtk\+, Enterprise Linux 2025-04-03 N/A
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-2005-2976 2 Gnome, Redhat 3 Gdkpixbuf, Gtk, Enterprise Linux 2025-04-03 N/A
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
CVE-2004-0111 3 Gnome, Redhat, Sgi 6 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 3 more 2025-04-03 N/A
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2022-48622 2 Gnome, Redhat 2 Gdkpixbuf, Enterprise Linux 2024-11-21 7.8 High
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.
CVE-2021-44648 4 Debian, Fedoraproject, Gnome and 1 more 4 Debian Linux, Fedora, Gdkpixbuf and 1 more 2024-11-21 8.8 High
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.