
CVE-2020-29385

Published: 26/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

GNOME gdk-pixbuf (aka GdkPixbuf) prior to 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a specially crafted GIF image that uses LZW compression.
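The cyclic `extends` chain described in the summary, and a walk that terminates on it, as an added C example. This is not gdk-pixbuf's code and not the upstream fix; `code_entry`, `chain_length`, `demo`, `TABLE_SIZE` and `END_OF_CHAIN` are hypothetical names, and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE   4096    /* assumption: GIF LZW codes are at most 12 bits */
#define END_OF_CHAIN 0xFFFFu /* hypothetical chain terminator for this sketch */

typedef struct {
    uint16_t extends;        /* previous code in the chain, or END_OF_CHAIN */
} code_entry;

/* Count the entries on the chain that starts at `code`.
 * Returns -1 if a link points outside the table, or if the walk needs more
 * hops than the table has entries, which can only happen on a cycle. */
long chain_length(const code_entry *table, size_t table_size, uint16_t code)
{
    long count = 0;
    uint16_t c = code;

    while (c != END_OF_CHAIN) {
        if (c >= table_size || (size_t)count >= table_size)
            return -1;       /* malformed table: refuse instead of spinning */
        count++;
        c = table[c].extends;
    }
    return count;
}

/* Constructed table: code 10 extends 11; code 11 extends 10 when `cyclic`
 * (the loop from the summary), otherwise code 11 ends the chain. */
long demo(int cyclic)
{
    static code_entry t[TABLE_SIZE];

    for (size_t i = 0; i < TABLE_SIZE; i++)
        t[i].extends = END_OF_CHAIN;
    t[10].extends = 11;
    if (cyclic)
        t[11].extends = 10;
    return chain_length(t, TABLE_SIZE, 10);
}

int main(void)
{
    printf("cyclic chain:      %ld\n", demo(1));
    printf("well-formed chain: %ld\n", demo(0));
    return 0;
}
```

A walk without the hop bound would never leave the `while` loop on the cyclic table, which is the denial of service the summary describes.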

Vulnerable Product

gnome gdk-pixbuf

canonical ubuntu linux 20.04

canonical ubuntu linux 20.10

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian Bug report logs - #977166: gdk-pixbuf: CVE-2020-29385. Package: src:gdk-pixbuf; Maintainer for src:gdk-pixbuf is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 11 Dec 2020 23:03:01 UTC; Severity: important; Tags: security, ...
Severity Unknown Remote Unknown Type Unknown Description AVG-1328 gdk-pixbuf2 2420-2 Unknown Vulnerable ...