date: 2011-06-23T00:00:00.000Z
summary: Remote denial of service from corrupt buddy icons
discoveredBy: Mark Doliner
It was found that the gdk-pixbuf GIF image loader routine
`gdk_pixbuf__gif_image_load()` did not properly handle certain return values
from its subroutines. A remote attacker could provide a specially crafted GIF
image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially
initialized pixbuf structure. Using this structure, possibly containing a huge
width and height, could lead to the application being terminated due to

Change Pidgin to look at the GError parameter in addition to the return value
when calling certain gdk-pixbuf functions.
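
The pattern behind this fix, as an added example that is not Pidgin's or gdk-pixbuf's own code: a caller that trusts only the return value next to one that also checks the error out-parameter. `Err`, `Image`, `decode()`, `MAX_ICON_DIM`, the two `icon_usable_*` functions and the 5-byte input format are hypothetical stand-ins for GError, GdkPixbuf and the loader, so the example builds without GLib.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins (assumptions) for GError and GdkPixbuf; not the real GLib types. */
typedef struct { int code; const char *message; } Err;
typedef struct { unsigned width, height; } Image;
#define MAX_ICON_DIM 4096u /* assumed cap, not a value from the advisory */

/* Constructed decoder modelling the flaw: on corrupt frame data it sets *err
 * but still returns the half-filled image instead of NULL. */
static Image *decode(const unsigned char *buf, size_t len, Image *out, Err *err)
{
    err->code = 0; err->message = NULL;
    if (len < 5) { err->code = 1; err->message = "truncated header"; return NULL; }
    out->width = ((unsigned)buf[0] << 8) | buf[1];
    out->height = ((unsigned)buf[2] << 8) | buf[3];
    if (buf[4] != 0) { err->code = 2; err->message = "corrupt frame data"; }
    return out;
}

/* Before: only the return value is consulted. */
static int icon_usable_unchecked(const unsigned char *buf, size_t len)
{
    Image img; Err err;
    return decode(buf, len, &img, &err) != NULL;
}

/* After: the error out-parameter is checked as well as the return value.
 * The dimension cap is an extra guard added for this example. */
static int icon_usable_checked(const unsigned char *buf, size_t len)
{
    Image img; Err err;
    Image *p = decode(buf, len, &img, &err);
    if (p == NULL || err.code != 0) return 0;
    return p->width > 0 && p->height > 0 &&
           p->width <= MAX_ICON_DIM && p->height <= MAX_ICON_DIM;
}

/* Constructed inputs: 2-byte width, 2-byte height, then a corruption flag. */
static const unsigned char GOOD[] = {0, 16, 0, 16, 0};
static const unsigned char CORRUPT[] = {0xff, 0xff, 0xff, 0xff, 1};

int main(void)
{
    printf("corrupt icon: unchecked=%d checked=%d\n",
           icon_usable_unchecked(CORRUPT, sizeof CORRUPT),
           icon_usable_checked(CORRUPT, sizeof CORRUPT));
    return 0;
}
```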