hugo/content/about/security/advisories/cve-2011-2485-00.md

Thu, 02 Jan 2025 16:35:59 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Thu, 02 Jan 2025 16:35:59 -0600
changeset 545
cf811d26020d
parent 399
0ec2c139628a
permissions
-rw-r--r--

Add a flathub verification token

Testing Done:
Ran with `npm run hugo:server` and verified the file was served properly.

Reviewed at https://reviews.imfreedom.org/r/3718/

---
title: cve-2011-2485-00
date: 2011-06-23T00:00:00.000Z
cveNumber: cve-2011-2485
summary: Remote denial of service from corrupt buddy icons
discoveredBy: Mark Doliner
fixedInRelease: 2.9.0
type: security
layout: cve
hidden: true
---

### Description

It was found that the gdk-pixbuf GIF image loader routine
`gdk_pixbuf__gif_image_load()` did not properly handle certain return values
from its subroutines. A remote attacker could provide a specially-crafted GIF
image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially
initialized pixbuf structure. Using this structure, possibly containing a huge
width and height, could lead to the application being terminated due to
excessive memory use.

### Mitigation

Change Pidgin to look at the GError parameter in addition to the return value
when calling certain gdk-pixbuf functions.
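
The pattern behind this mitigation, as an added example that is not Pidgin's or gdk-pixbuf's code: `Pixbuf`, `Error`, `decode_image()` and the two `load_icon_*()` callers are hypothetical stand-ins for `GdkPixbuf`, `GError`, the flawed loader and its caller, so the block builds without GLib.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for GdkPixbuf and GError (no GLib needed). */
typedef struct { int width, height; } Pixbuf;
typedef struct { const char *message; } Error;
#define BOGUS_DIM 0x7fffffff /* constructed: models uninitialized fields */
/* Models the flawed decoder: truncated header sets *err but still returns an image. */
static Pixbuf *decode_image(const unsigned char *d, size_t n, Error **err)
{
    static Error corrupt = { "corrupt image data" };
    Pixbuf *p = malloc(sizeof *p);
    if (p == NULL) return NULL;
    if (n < 4) {
        p->width = p->height = BOGUS_DIM;
        *err = &corrupt;
        return p;
    }
    p->width = d[0] | (d[1] << 8);
    p->height = d[2] | (d[3] << 8);
    return p;
}

/* Before: any non-NULL return is trusted. */
static Pixbuf *load_icon_unchecked(const unsigned char *d, size_t n)
{
    Error *err = NULL;
    return decode_image(d, n, &err);
}

/* After: an error reported by the decoder overrides a non-NULL return. */
static Pixbuf *load_icon_checked(const unsigned char *d, size_t n)
{
    Error *err = NULL;
    Pixbuf *p = decode_image(d, n, &err);
    if (err != NULL) {
        free(p); /* free(NULL) is a no-op */
        return NULL;
    }
    return p;
}

int main(void)
{
    const unsigned char bad[2] = { 16, 0 }; /* constructed truncated input */
    Pixbuf *u = load_icon_unchecked(bad, sizeof bad);
    Pixbuf *c = load_icon_checked(bad, sizeof bad);
    printf("unchecked width=%d, checked=%s\n", u ? u->width : -1, c ? "image" : "rejected");
    free(u); free(c);
}
```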
