CVE-2022-48622

EUVD-2022-51317
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
gnomegdkpixbuf
𝑥
≤ 2.42.10
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnomegdkpixbuf
𝑥
≤ 2.42.10
ADP
Debian logo
Debian Releases
Debian Product
Codename
gdk-pixbuf
bookworm
2.42.10+dfsg-1+deb12u1
fixed
bullseye
2.42.2+dfsg-1+deb11u2
fixed
bullseye (security)
vulnerable
buster
postponed
sid
2.42.12+dfsg-1
fixed
trixie
2.42.12+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdk-pixbuf
bionic
Fixed 2.36.11-2ubuntu0.1~esm1
released
focal
Fixed 2.40.0+dfsg-3ubuntu0.5
released
jammy
Fixed 2.42.8+dfsg-1ubuntu0.3
released
lunar
ignored
mantic
Fixed 2.42.10+dfsg-1ubuntu0.1
released
noble
Fixed 2.42.10+dfsg-3ubuntu3.1
released
trusty
ignored
xenial
Fixed 2.32.2-1ubuntu1.6+esm1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gdk-pixbuf-devel
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
gdk-pixbuf-lang
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
gdk-pixbuf-query-loaders
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
gdk-pixbuf-query-loaders-32bit
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
gdk-pixbuf-thumbnailer
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
libgdk_pixbuf-2_0-0
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
libgdk_pixbuf-2_0-0-32bit
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
typelib-1_0-GdkPixbuf-2_0
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 12 SP3
2.34.0-19.20.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
typelib-1_0-GdkPixdata-2_0
suse enterprise desktop 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise desktop 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise sap 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP2
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP3
2.40.0-150200.3.12.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.9.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.3.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gdk-pixbuf2
RHEL 8
0:2.36.12-6.el8_10
fixed
RHEL 9
0:2.42.6-4.el9_4
fixed
gdk-pixbuf2-devel
RHEL 8
0:2.36.12-6.el8_10
fixed
RHEL 9
0:2.42.6-4.el9_4
fixed
gdk-pixbuf2-modules
RHEL 8
0:2.36.12-6.el8_10
fixed
RHEL 9
0:2.42.6-4.el9_4
fixed
gdk-pixbuf2-xlib
RHEL 8
0:2.36.12-6.el8_10
fixed
gdk-pixbuf2-xlib-devel
RHEL 8
0:2.36.12-6.el8_10
fixed
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202