Slashdot Mirror


GdkPixbuf Suffers Image Decoding Vulnerabilities

DNAspark99 writes "It seems Multiple vulnerabilities have been reported in GdkPixbuf, which can be exploited by malicious people to DoS (Denial of Service), and potentially compromise a vulnerable system. Personally, I wasn't concerned about this until I ran 'ldd firefox-bin | grep libgdk_pixbuf'" There's no official patch yet, but the article notes several Linux vendors have issued updates. Worth keeping an eye for those who use libgdk_pixbuf under other Unix-style operating systems as well.

2 of 291 comments (clear)

  1. Somebody is busy ... by crimethinker · · Score: 5, Insightful
    I think this is the fourth vulnerability related to image decoding I've seen in the past month or so. Methinks somebody is doing a thorough code review of open source image libraries, the stolen NT code (remember the Windows BMP vuln?), and, where source can't be obtained, thinking about where it might be vulnerable. I just wish people with that much determination would concentrate on fixing the bugs, instead of exploiting them ... so much wasted talent.

    sigh Time to tell the idealist in me to STFU.

    -paul

    --
    Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
  2. Re:What the hell by Seq · · Score: 5, Insightful

    I find that alot of people I've worked with in software development have a "get it working, clean it up later" attitude. Usually basic error checking gets thrown in, but "hardcore" security often gets put aside in favour of other projects that need to be done. Thus, I think we end up with a fair amount of possibly shoddy code.

    I've never done an audit, because I'm trying to write good code, and it's all I can do to be as "productive" as the others.

    I don't think anybody seriously thinks "man, that could be a huge problem! well, nobody will notice".

    --
    -- Seq