CVE-2020-29385

Published: Dec 26, 2020Modified: Apr 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

Affected (5)

Products: Gnome: Gdk Pixbuf · Canonical: Ubuntu Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Gdk Pixbuf	After 2.39.2 to 2.42.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04
Canonical Ubuntu Linux	Version 20.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (16)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS

Source: cve@mitre.org

Release NotesVendor Advisory

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164

Source: cve@mitre.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202012-15

Source: cve@mitre.org

Third Party Advisory

https://ubuntu.com/security/CVE-2020-29385

Source: cve@mitre.org

PatchThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202012-15

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://ubuntu.com/security/CVE-2020-29385

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.