Ubuntu.comUB:CVE-2020-29385CVE-2020-29385
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
55.7%
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service
(infinite loop) in lzw.c in the function write_indexes. if c->self_code
equals 10, self->code_table[10].extends will assign the value 11 to c. The
next execution in the loop will assign self->code_table[11].extends to c,
which will give the value of 10. This will make the loop run infinitely.
This bug can, for example, be triggered by calling this function with a GIF
image with LZW compression that is crafted in a special way.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | per upstream bug, gdk-pixbuf < 2.39.2 is not vulnerable |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | gdk-pixbuf | < 2.40.0+dfsg-3ubuntu0.1 | UNKNOWN |
| ubuntu | 20.10 | noarch | gdk-pixbuf | < 2.40.0+dfsg-5ubuntu0.1 | UNKNOWN |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
55.7%