CVE-2022-48622 - OpenCVE

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Gdkpixbuf
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
gdk-pixbuf2-0:2.36.12-6.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:3341	2024-05-23T00:00:00Z
gdk-pixbuf2-0:2.36.12-6.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3341	2024-05-23T00:00:00Z
Red Hat Enterprise Linux 9
gdk-pixbuf2-0:2.42.6-4.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3834	2024-06-11T00:00:00Z

References

Link	Providers
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
https://nvd.nist.gov/vuln/detail/CVE-2022-48622
https://www.cve.org/CVERecord?id=CVE-2022-48622

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-26T00:00:00

Updated: 2024-08-26T19:25:00.545Z

Reserved: 2024-01-26T00:00:00

Link: CVE-2022-48622

Vulnrichment

Updated: 2024-08-03T15:17:55.258Z

NVD

Status : Modified

Published: 2024-01-26T09:15:07.570

Modified: 2024-08-26T20:35:01.673

Link: CVE-2022-48622

Redhat

Severity : Moderate

Publid Date: 2024-01-26T00:00:00Z

Links: CVE-2022-48622 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48622", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-26T19:25:00.545Z", "dateReserved": "2024-01-26T00:00:00", "datePublished": "2024-01-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-26T08:07:20.716235"}, "descriptions": [{"lang": "en", "value": "In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.258Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "gnome", "product": "gdkpixbuf", "cpes": ["cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.42.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T19:23:51.698580Z", "id": "CVE-2022-48622", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T19:25:00.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.258Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-48622", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-26T19:23:51.698580Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "gdkpixbuf", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.42.10"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T19:24:18.322Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202"}], "descriptions": [{"lang": "en", "value": "In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-26T08:07:20.716235"}}}, "cveMetadata": {"cveId": "CVE-2022-48622", "state": "PUBLISHED", "dateUpdated": "2024-08-26T19:25:00.545Z", "dateReserved": "2024-01-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-01-26T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFAFB1D2-977E-4F83-A644-EC034FB0A447", "versionEndIncluding": "2.42.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c."}, {"lang": "es", "value": "En GNOME GdkPixbuf (tambi\u00e9n conocido como gdk-pixbuf) hasta 2.42.10, el decodificador ANI (cursor animado de Windows) encuentra corrupci\u00f3n en la memoria del mont\u00f3n (en ani_load_chunk en io-ani.c) al analizar fragmentos en un archivo .ani manipulado. Un archivo manipulado podr\u00eda permitir a un atacante sobrescribir metadatos del mont\u00f3n, lo que provocar\u00eda una denegaci\u00f3n de servicio o un ataque de ejecuci\u00f3n de c\u00f3digo. Esto ocurre en gdk_pixbuf_set_option() en gdk-pixbuf.c."}], "id": "CVE-2022-48622", "lastModified": "2024-08-26T20:35:01.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-26T09:15:07.570", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3341", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gdk-pixbuf2-0:2.36.12-6.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3341", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gdk-pixbuf2-0:2.36.12-6.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3834", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gdk-pixbuf2-0:2.42.6-4.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}], "bugzilla": {"description": "gnome: heap memory corruption on gdk-pixbuf", "id": "2260545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260545"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.", "A flaw was found in GNOME's GdkPixbuf library, a library used to load image data in various formats used by GDK for handling graphical assets. This issue occurs when loading a crafted ANI (animated cursor file) file, which may lead to a heap based out-of-bounds write, causing memory corruption. When a successful attack is in place, it can lead to a denial of service or in some cases arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by the user avoiding to load .ani files from untrusted sources."}, "name": "CVE-2022-48622", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gdk-pixbuf2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gdk-pixbuf2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-01-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48622\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48622"], "statement": "The vulnerability in the GdkPixbuf library, allowing for heap-based out-of-bounds writes when loading crafted ANI files, poses a moderate severity risk. While the flaw could lead to memory corruption and potential denial of service or arbitrary code execution, its impact is somewhat mitigated by factors such as the need for the attacker to craft specifically malicious ANI files and the requirement for user interaction to open these files. Additionally, exploitation is limited to systems where GdkPixbuf is used to handle ANI files, reducing the overall attack surface.", "threat_severity": "Moderate"}