{"url":"http://public2.vulnerablecode.io/api/packages/68624?format=json","purl":"pkg:conan/gdk-pixbuf@2.42.10","type":"conan","namespace":"","name":"gdk-pixbuf","version":"2.42.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.42.8","latest_non_vulnerable_version":"2.42.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46903?format=json","vulnerability_id":"VCID-kbfc-y8ke-b3hh","summary":"Out-of-bounds Write\nIn GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.","references":[{"reference_url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622","reference_id":"CVE-2022-48622","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622"}],"fixed_packages":[],"aliases":["CVE-2022-48622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbfc-y8ke-b3hh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/gdk-pixbuf@2.42.10"}