• Matthias Clasen's avatar
    GIF: Don't return a partially initialized pixbuf structure · f8569bb1
    Matthias Clasen authored
    It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
    routine did not properly handle certain return values from their subroutines.
    A remote attacker could provide a specially-crafted GIF image, which once
    opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
    to return partially initialized pixbuf structure, possibly having huge
    width and height, leading to that particular application termination due
    excessive memory use.
    
    The CVE identifier of CVE-2011-2485 has been assigned to this issue.
    f8569bb1
io-gif.c 52 KB