Home > Vulnerability Database > CVE-2020-29385

Mend.io Vulnerability Database

CVE-2020-29385

Good to know:

Date: December 25, 2020

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

Language: C

Severity Score

5.5

Related Resources (17)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29385

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166

Url: https://security-tracker.debian.org/tracker/CVE-2020-29385

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/

Url: https://github.com/GNOME/gdk-pixbuf/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81

Url: https://security.gentoo.org/glsa/202012-15

Url: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Url: https://ubuntu.com/security/CVE-2020-29385

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/

Url: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-29385

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Url: https://security.alpinelinux.org/vuln/CVE-2020-29385

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/

Url: https://www.mend.io/vulnerability-database/CVE-2020-29385

Severity Score

5.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version 2.42.2

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-29385

Good to know:

Date: December 25, 2020

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?