ArchLinux: 201611-12: lib32-gdk-pixbuf2: arbitrary code execution
Summary
An out-of-bounds write has been discovered in the OneLine32() function while parsing an ico file. A maliciously crafted file can cause the application to crash or possibly execute arbitrary code.
Resolution
Upgrade to 2.36.0+2+ga7c869a-1.
# pacman -Syu "lib32-gdk-pixbuf2>=2.36.0+2+ga7c869a-1"
The problem has been fixed upstream in version 2.35.3.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1349751
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/88af50a864195da1a4f7bda5f02539704fbda599
https://access.redhat.com/security/cve/CVE-2016-6352
Workaround
None.