Gdkpixbuf Security Vulnerabilities and Issues — Gdkpixbuf CVE List

Lucene search

GnomeGdkpixbuf

11 matches found

CVE•added 2022/01/12 1:15 p.m.•140 views

CVE-2021-44648

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

8.8CVSS8.5AI score0.00201EPSS

CVE•added 2004/10/20 4:0 a.m.•71 views

CVE-2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced ...

7.5CVSS7.9AI score0.30599EPSS

CVE•added 2024/01/26 9:15 a.m.•71 views

CVE-2022-48622

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of serv...

7.8CVSS7.6AI score0.00077EPSS

CVE•added 2004/10/20 4:0 a.m.•69 views

CVE-2004-0788

Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.

5CVSS7.2AI score0.1293EPSS

CVE•added 2005/11/18 11:0 a.m.•68 views

CVE-2005-2976

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

7.5CVSS7.9AI score0.02224EPSS

CVE•added 2004/10/20 4:0 a.m.•65 views

CVE-2004-0782

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY fo...

7.5CVSS8AI score0.30045EPSS

CVE•added 2005/11/18 11:0 a.m.•64 views

CVE-2005-2975

io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.

7.8CVSS7.1AI score0.1189EPSS

CVE•added 2005/11/18 11:0 a.m.•64 views

CVE-2005-3186

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

7.5CVSS7.9AI score0.02224EPSS

CVE•added 2004/10/20 4:0 a.m.•63 views

CVE-2004-0753

The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.

5CVSS7.1AI score0.1204EPSS

CVE•added 2004/09/01 4:0 a.m.•57 views

CVE-2004-0111

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

5CVSS6AI score0.01347EPSS

CVE•added 2025/06/17 3:15 p.m.•31 views

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the bu...

3.3CVSS4.1AI score0.00019EPSS