An update for gdk-pixbuf2 is now available for openEuler-22.03-LTS-SP3

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-2144
Final 1.0
1.0 2024-09-20 Initial
2024-09-20 2024-09-20
openEuler SA Tool V1.0 2024-09-20

gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provides a complete set of widgets, and is suitable for projects ranging from small one-off tools to complete application suites.

Security Fix(es):

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. (CVE-2022-48622)

An update for gdk-pixbuf2 is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
gdk-pixbuf2

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2144
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48622
https://nvd.nist.gov/vuln/detail/CVE-2022-48622

openEuler-22.03-LTS-SP3

gdk-pixbuf2-2.42.6-7.oe2203sp3.aarch64.rpm
gdk-pixbuf2-debuginfo-2.42.6-7.oe2203sp3.aarch64.rpm
gdk-pixbuf2-debugsource-2.42.6-7.oe2203sp3.aarch64.rpm
gdk-pixbuf2-devel-2.42.6-7.oe2203sp3.aarch64.rpm
gdk-pixbuf2-modules-2.42.6-7.oe2203sp3.aarch64.rpm
gdk-pixbuf2-tests-2.42.6-7.oe2203sp3.aarch64.rpm

gdk-pixbuf2-2.42.6-7.oe2203sp3.src.rpm

gdk-pixbuf2-2.42.6-7.oe2203sp3.x86_64.rpm
gdk-pixbuf2-debuginfo-2.42.6-7.oe2203sp3.x86_64.rpm
gdk-pixbuf2-debugsource-2.42.6-7.oe2203sp3.x86_64.rpm
gdk-pixbuf2-devel-2.42.6-7.oe2203sp3.x86_64.rpm
gdk-pixbuf2-modules-2.42.6-7.oe2203sp3.x86_64.rpm
gdk-pixbuf2-tests-2.42.6-7.oe2203sp3.x86_64.rpm

gdk-pixbuf2-help-2.42.6-7.oe2203sp3.noarch.rpm

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

2024-09-20
CVE-2022-48622
openEuler-22.03-LTS-SP3
High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
gdk-pixbuf2 security update 2024-09-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2144