From the upstream fix at $URL:
GIF: Don't return a partially initialized pixbuf structure
It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image which, once opened in an application linked against gdk-pixbuf, would lead gdk-pixbuf to return a partially initialized pixbuf structure, possibly having huge width and height, leading to termination of that particular application due to excessive memory use.
The CVE identifier of CVE-2011-2485 has been assigned to this issue.
+*gdk-pixbuf-2.22.1-r2 (04 Jul 2011)
+ 04 Jul 2011; Pacho Ramos <firstname.lastname@example.org> +gdk-pixbuf-2.22.1-r2.ebuild,
+ GIF: Don't return a partially initialized pixbuf structure, fix security bug
+ #373999 by Tim Sammut.
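Review bot: the entry text on the "+ GIF: Don't return a partially initialized pixbuf structure, fix security bug" line records the bug number (#373999) but not the CVE identifier. Adding CVE-2011-2485 to that line would let anyone searching the ChangeLog by CVE find this revision bump.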
CCing arches, as it looks to work OK for me, and that way we try to prevent the remaining arches from having to stabilize previous, vulnerable versions.
Stable for HPPA.
x86 stable. Thanks
Thanks, everyone. GLSA request filed.
Why isn't this closed? There is no <x11-libs/gdk-pixbuf-2.22.1-r2 in tree.
(In reply to comment #10)
> Why isn't this closed? There is no <x11-libs/gdk-pixbuf-2.22.1-r2 in tree.
We don't close security bugs until we've either published a GLSA, or decided that we are not going to for an issue. This bug is waiting for a GLSA to be published.
This issue was resolved and addressed in
GLSA 201206-20 at http://security.gentoo.org/glsa/glsa-201206-20.xml
by GLSA coordinator Sean Amoss (ackle).
The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf
before 2.23.5 does not properly handle certain return values, which allows
remote attackers to cause a denial of service (memory consumption) via a
crafted GIF image file.
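
The failure mode this report describes, shown as an added example: a simplified model written for this page, not code from gdk-pixbuf or its upstream fix. The names image_t, read_header, alloc_stale, load_unchecked, load_checked and MAX_PIXELS, the 0xFF fill that stands in for stale heap contents, and the two sample inputs are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified image object; not gdk-pixbuf's GdkPixbuf. */
typedef struct { uint32_t width, height; unsigned char *pixels; } image_t;
#define MAX_PIXELS (64u * 1024u * 1024u)   /* assumed sanity cap */
/* Constructed inputs: a 2x3 header, and one cut off after the signature. */
static const unsigned char VALID[]     = {'G','I','F','8','9','a', 2,0, 3,0};
static const unsigned char TRUNCATED[] = {'G','I','F','8','9','a'};
/* Subroutine: returns 0 on success, -1 on bad input (img left untouched). */
static int read_header(const unsigned char *buf, size_t len, image_t *img) {
    if (len < 10 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return -1;
    img->width  = buf[6] | (buf[7] << 8);   /* 16-bit little-endian */
    img->height = buf[8] | (buf[9] << 8);
    return 0;
}
/* 0xFF fill is a deterministic stand-in for stale heap contents. */
static image_t *alloc_stale(void) {
    image_t *img = malloc(sizeof *img);
    if (img) memset(img, 0xFF, sizeof *img);
    return img;
}
/* Flawed pattern: return value dropped; a failed parse still yields an object. */
image_t *load_unchecked(const unsigned char *buf, size_t len) {
    image_t *img = alloc_stale();
    if (img) read_header(buf, len, img);
    return img;
}
/* Corrected pattern: any failure frees the object; dimensions are bounded. */
image_t *load_checked(const unsigned char *buf, size_t len) {
    image_t *img = alloc_stale();
    if (!img) return NULL;
    if (read_header(buf, len, img) != 0 || !img->width || !img->height ||
        (uint64_t)img->width * img->height > MAX_PIXELS) {
        free(img);
        return NULL;
    }
    img->pixels = NULL;   /* pixel storage is allocated by a later step */
    return img;
}
int main(void) {
    image_t *bad = load_unchecked(TRUNCATED, sizeof TRUNCATED);
    if (bad) printf("unchecked width: %u\n", (unsigned)bad->width);
    free(bad);
    return load_checked(TRUNCATED, sizeof TRUNCATED) != NULL;
}
```

A caller that sizes a pixel buffer from the object returned by load_unchecked would request memory for dimensions that were never parsed, which is the memory-consumption outcome the report describes.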