4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
55.7%
Severity: Medium
Date : 2020-12-09
CVE-ID : CVE-2020-29385
Package : gdk-pixbuf2
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-1328
The package gdk-pixbuf2 before version 2.42.2-1 is vulnerable to denial
of service.
Upgrade to 2.42.2-1.
The problem has been fixed upstream in version 2.42.2.
None.
A security issue was found in gdk-pixbuf2 2.40.0 up to 2.42.0. A
malformed GIF image could lead to an endless loop in the write_indexes
function in gdk-pixbuf/lzw.c, taking full CPU resources and leading to
a denial of service.
An attacker might be able to cause a denial of service via a crafted
GIF image.
https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
https://gitlab.gnome.org/GNOME/gdk-pixbuf/uploads/2838c96bb111a93d845b95c53b8953e3/gif_lzw_PoC.tar.gz
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/92
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81
https://security.archlinux.org/CVE-2020-29385
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | gdk-pixbuf2 | < 2.42.2-1 | UNKNOWN |
gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81
gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/92
gitlab.gnome.org/GNOME/gdk-pixbuf/uploads/2838c96bb111a93d845b95c53b8953e3/gif_lzw_PoC.tar.gz
mail.gnome.org/archives/distributor-list/2020-December/msg00000.html
security.archlinux.org/AVG-1328
security.archlinux.org/CVE-2020-29385
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
55.7%