Bug 1219276 (CVE-2022-48622)

Summary: VUL-0: CVE-2022-48622: gdk-pixbuf,gtk2: heap memory corruption on gdk-pixbuf
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: camila.matos, cxiong, gnome-bugs, hvdheuvel, meissner, songchuan.kang, stoyan.manolov, thomas.leroy, yfjiang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/392273/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1220293
Whiteboard: CVSSv3.1:SUSE:CVE-2022-48622:7.3:(AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-01-29 10:11:35 UTC 
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48622
https://www.cve.org/CVERecord?id=CVE-2022-48622
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
https://bugzilla.redhat.com/show_bug.cgi?id=2260545
Comment 1 Thomas Leroy 2024-01-29 10:30:19 UTC 
gtk2 doesn't look affected but gdk-pixbuf does:

- SUSE:ALP:Source:Standard:1.0/gdk-pixbuf
- SUSE:SLE-12-SP2:Update/gdk-pixbuf
- SUSE:SLE-15-SP2:Update/gdk-pixbuf
- SUSE:SLE-15-SP4:Update/gdk-pixbuf
- SUSE:SLE-15:Update/gdk-pixbuf
Comment 5 Hans van den Heuvel 2024-04-30 08:29:46 UTC 
Is there any progress on this that perhaps is not covered in the upstream bug?

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202 was already created 2y ago, with last bug action apparantly 2 months ago. 

Should the score for this really be 7.3 ?
Comment 8 Jonathan Kang 2024-05-13 13:16:58 UTC 
Working on this.
Comment 12 Maintenance Automation 2024-05-20 20:30:15 UTC 
SUSE-SU-2024:1699-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1219276
CVE References: CVE-2022-48622
Maintenance Incident: [SUSE:Maintenance:33887](https://smelt.suse.de/incident/33887/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 gdk-pixbuf-2.34.0-19.20.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 gdk-pixbuf-2.34.0-19.20.1
SUSE Linux Enterprise Server 12 SP5 (src):
 gdk-pixbuf-2.34.0-19.20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 gdk-pixbuf-2.34.0-19.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Maintenance Automation 2024-05-29 20:30:14 UTC 
SUSE-SU-2024:1842-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1219276
CVE References: CVE-2022-48622
Maintenance Incident: [SUSE:Maintenance:33888](https://smelt.suse.de/incident/33888/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Enterprise Storage 7.1 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Micro 5.2 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 gdk-pixbuf-2.40.0-150200.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Maintenance Automation 2024-06-19 08:30:29 UTC 
SUSE-SU-2024:2077-1: An update that solves one vulnerability and has two security fixes can now be installed.

Category: security (important)
Bug References: 1195391, 1219276, 1223903
CVE References: CVE-2022-48622
Maintenance Incident: [SUSE:Maintenance:34160](https://smelt.suse.de/incident/34160/)
Sources used:
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Manager Proxy 4.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Manager Retail Branch Server 4.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Manager Server 4.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
openSUSE Leap 15.4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
openSUSE Leap Micro 5.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
openSUSE Leap Micro 5.4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
openSUSE Leap 15.5 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Micro 5.3 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Micro 5.4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Micro 5.5 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
Basesystem Module 15-SP5 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Maintenance Automation 2024-06-19 08:30:34 UTC 
SUSE-SU-2024:2076-1: An update that solves one vulnerability and has two security fixes can now be installed.

Category: security (important)
Bug References: 1195391, 1219276, 1223903
CVE References: CVE-2022-48622
Maintenance Incident: [SUSE:Maintenance:34195](https://smelt.suse.de/incident/34195/)
Sources used:
openSUSE Leap 15.6 (src):
 gdk-pixbuf-2.42.12-150600.3.3.1
Basesystem Module 15-SP6 (src):
 gdk-pixbuf-2.42.12-150600.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2024-07-12 16:30:40 UTC 
SUSE-SU-2024:2077-2: An update that solves one vulnerability and has two security fixes can now be installed.

Category: security (important)
Bug References: 1195391, 1219276, 1223903
CVE References: CVE-2022-48622
Maintenance Incident: [SUSE:Maintenance:34160](https://smelt.suse.de/incident/34160/)
Sources used:
SUSE Linux Enterprise Micro 5.5 (src):
 gdk-pixbuf-2.42.12-150400.5.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.