CVE-2020-29385

26.12.2020, 02:15

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Affected Products (NVD)

Vendor	Product	Version
gnome	gdk-pixbuf	2.39.2 < 𝑥 < 2.42.2
canonical	ubuntu_linux	20.04
canonical	ubuntu_linux	20.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gdk-pixbuf

bookworm	2.42.10+dfsg-1+deb12u1 fixed
bullseye	2.42.2+dfsg-1+deb11u2 fixed
bullseye (security)	2.42.2+dfsg-1+deb11u1 fixed
buster	not-affected
sid	2.42.12+dfsg-1 fixed
stretch	not-affected
trixie	2.42.12+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gdk-pixbuf

bionic	not-affected
focal	Fixed 2.40.0+dfsg-3ubuntu0.1 released
groovy	Fixed 2.40.0+dfsg-5ubuntu0.1 released
trusty	dne
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

gdk-pixbuf-devel

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

gdk-pixbuf-lang

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

gdk-pixbuf-query-loaders

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

gdk-pixbuf-query-loaders-32bit

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

gdk-pixbuf-thumbnailer

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

libgdk_pixbuf-2_0-0

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

libgdk_pixbuf-2_0-0-32bit

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

typelib-1_0-GdkPixbuf-2_0

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

typelib-1_0-GdkPixdata-2_0

suse enterprise desktop 15 SP2	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP3	2.40.0-3.3.1 fixed
suse enterprise desktop 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise desktop 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise desktop 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise desktop 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise sap 15 SP2	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP3	2.40.0-3.3.1 fixed
suse enterprise sap 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise sap 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise sap 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise sap 15 SP7	2.42.12-150600.3.3.1 fixed
suse enterprise server 15 SP2	2.40.0-3.3.1 fixed
suse enterprise server 15 SP3	2.40.0-3.3.1 fixed
suse enterprise server 15 SP4	2.42.6-150400.3.8 fixed
suse enterprise server 15 SP5	2.42.9-150400.5.6.1 fixed
suse enterprise server 15 SP6	2.42.10-150600.1.4 fixed
suse enterprise server 15 SP7	2.42.12-150600.3.3.1 fixed

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

https://security.gentoo.org/glsa/202012-15

https://ubuntu.com/security/CVE-2020-29385