PT-2020-6966 · Gnome+5 · Gdk-Pixbuf+5

Mdeslaurper · Published 2020-12-08 · Updated 2025-04-29 · CVE-2020-29385

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNOME gdk-pixbuf (aka GdkPixbuf) versions prior to 2.42.2

Description

The issue is a loop with an unreachable exit condition in the GdkPixbuf library, which can be exploited to cause a denial of service (infinite loop). It occurs in the write_indexes function in lzw.c when c->self_code equals 10: the loop then assigns values back and forth between self->code_table[10].extends and self->code_table[11].extends indefinitely. The bug can be triggered by calling the function with a specially crafted GIF image that uses LZW compression.

Recommendations

For versions prior to 2.42.2, update to version 2.42.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of GIF images with LZW compression until the issue is resolved.
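
Added example, not gdk-pixbuf code and not the upstream fix: a simplified C model of the extends chain from the description, with a walker that caps its steps at the table size so a cyclic chain (10 <-> 11) is rejected instead of followed forever. The struct layout, the NO_PREFIX sentinel, the function names and the sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NO_PREFIX 0xFFFFu   /* assumed sentinel: entry is a chain root */
#define TABLE_SIZE 12       /* constructed sample size */

/* Simplified stand-in for an LZW code-table entry (not gdk-pixbuf's struct). */
typedef struct { uint8_t index; uint16_t extends; } code_entry;

/* Length of the extends chain starting at `code`, or -1 if it is malformed.
 * A valid chain visits each entry at most once, so taking more than `size`
 * steps proves a cycle and the walk is abandoned instead of spinning. */
int chain_length(const code_entry *t, size_t size, uint16_t code)
{
    size_t steps = 0;
    for (uint16_t c = code; c != NO_PREFIX; c = t[c].extends) {
        if (c >= size || ++steps > size)
            return -1;      /* link outside the table, or a cycle */
    }
    return (int)steps;
}

/* Constructed sample: every code starts as a root; 10 and 11 are derived.
 * cyclic != 0 reproduces the state from the description (10 <-> 11). */
void build_table(code_entry *t, int cyclic)
{
    for (uint16_t i = 0; i < TABLE_SIZE; i++)
        t[i] = (code_entry){ (uint8_t)i, NO_PREFIX };
    t[10].extends = cyclic ? 11 : 3;
    t[11].extends = 10;
}

/* Convenience wrapper so the result can be checked directly. */
int sample_chain_length(int cyclic, uint16_t code)
{
    code_entry t[TABLE_SIZE];
    build_table(t, cyclic);
    return chain_length(t, TABLE_SIZE, code);
}

int main(void)
{
    printf("valid  table, code 11: %d\n", sample_chain_length(0, 11));
    printf("cyclic table, code 10: %d\n", sample_chain_length(1, 10));
    return 0;
}
```

The same bound is useful as a fuzzing or regression oracle: any decoder state for which the walk returns -1 would hang an unbounded loop over the same table.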

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3463
BDU:2024-02767
CVE-2020-29385
OESA-2022-1762
OPENSUSE-SU-2021:0150-1
OPENSUSE-SU-2021_0150-1
OPENSUSE-SU-2024:10779-1
SUSE-SU-2021:0184-1
SUSE-SU-2021_0184-1
USN-4663-1

Affected Products

Alt Linux
Gdk-Pixbuf
Linuxmint
Red Os
Suse
Ubuntu