{"schema_version":"1.7.2","id":"OESA-2024-2145","modified":"2024-09-20T11:09:09Z","published":"2024-09-20T11:09:09Z","upstream":["CVE-2022-48622"],"summary":"gdk-pixbuf2 security update","details":"gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites.\r\n\r\nSecurity Fix(es):\r\n\r\nIn GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.(CVE-2022-48622)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"gdk-pixbuf2","purl":"pkg:rpm/openEuler/gdk-pixbuf2\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.0-6.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["gdk-pixbuf2-2.40.0-6.oe2003sp4.aarch64.rpm","gdk-pixbuf2-debuginfo-2.40.0-6.oe2003sp4.aarch64.rpm","gdk-pixbuf2-debugsource-2.40.0-6.oe2003sp4.aarch64.rpm","gdk-pixbuf2-devel-2.40.0-6.oe2003sp4.aarch64.rpm"],"noarch":["gdk-pixbuf2-help-2.40.0-6.oe2003sp4.noarch.rpm"],"src":["gdk-pixbuf2-2.40.0-6.oe2003sp4.src.rpm"],"x86_64":["gdk-pixbuf2-2.40.0-6.oe2003sp4.x86_64.rpm","gdk-pixbuf2-debuginfo-2.40.0-6.oe2003sp4.x86_64.rpm","gdk-pixbuf2-debugsource-2.40.0-6.oe2003sp4.x86_64.rpm","gdk-pixbuf2-devel-2.40.0-6.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2145"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622"}],"database_specific":{"severity":"High"}}