CVE-2020-29385

Summary

CVE	CVE-2020-29385
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-26 02:15:00 UTC
Updated	2023-11-07 03:21:00 UTC
Description	GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.10	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.10	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	Gnome	Gdk-pixbuf	All	All	All	All
Application	Gnome	Gdk-pixbuf	All	All	All	All

References

Reference	Source	Link	Tags
GDK-PixBuf: Denial of service (GLSA 202012-15) — Gentoo security	MISC	security.gentoo.org	Third Party Advisory
[SECURITY] Fedora 33 Update: mingw-gdk-pixbuf-2.42.2-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
CVE-2020-29385 \| Ubuntu	CONFIRM	ubuntu.com	Patch, Third Party Advisory
endless loop in the write_indexes function in gdk-pixbuf/lzw.c (from [email protected]) (#164) · Issues · GNOME / gdk-pixbuf · GitLab	CONFIRM	gitlab.gnome.org	Vendor Advisory
[SECURITY] Fedora 33 Update: gdk-pixbuf2-2.42.2-2.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 34 Update: mingw-gdk-pixbuf-2.42.2-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
#977166 - gdk-pixbuf: CVE-2020-29385 - Debian Bug report logs	CONFIRM	bugs.debian.org	Issue Tracking, Third Party Advisory
[SECURITY] Fedora 33 Update: gdk-pixbuf2-2.42.2-2.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: mingw-gdk-pixbuf-2.42.2-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
NEWS · master · GNOME / gdk-pixbuf · GitLab	MISC	gitlab.gnome.org	Release Notes, Vendor Advisory
[SECURITY] Fedora 34 Update: mingw-gdk-pixbuf-2.42.2-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

281529 Fedora Security Update for mingw (FEDORA-2021-755ba8968a)
281530 Fedora Security Update for mingw (FEDORA-2021-c918632e13)
500201 Alpine Linux Security Update for gdk-pixbuf
501406 Alpine Linux Security Update for gdk-pixbuf
503942 Alpine Linux Security Update for gdk-pixbuf
750396 OpenSUSE Security Update for gdk-pixbuf (openSUSE-SU-2021:0150-1)