Debian alert DLA-4531-1 (gdk-pixbuf)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4531-1] gdk-pixbuf security update | |
| Date: | Tue, 14 Apr 2026 11:43:41 +0200 | |
| Message-ID: | <20260414094341.59F335F00082@kamino> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4531-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 14, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : gdk-pixbuf Version : 2.42.2+dfsg-1+deb11u5 CVE ID : CVE-2026-5201 Debian Bug : 1132501 It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not properly validate color component counts in the JPEG image loader, which may result in the execution of arbitrary code or denial of service if specially crafted JPEG images are processed. For Debian 11 bullseye, this problem has been fixed in version 2.42.2+dfsg-1+deb11u5. We recommend that you upgrade your gdk-pixbuf packages. For the detailed security status of gdk-pixbuf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gdk-pixbuf Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmneDEoACgkQnUbEiOQ2 gwKcOA/9G9oPMuw2+pr9BlkGnDNFSqu9iKxCek/vFR2bZXk2t04enbomyeqIqbyg dlu33a6vVRMXNzVGOJKY06CAo1G/vTo7AIZ2F2BJMiF3X+1NEdl5tWg8UYfjN5On DfLXtmgw900o7J+3l+wJ2+Yakufka+HP1uP8pS8ybztHpDhuFCm2qe0th0FMtaUB 3QhlS7l+QKEl90z2azRhBs5rwDKD7/cg6jGFg04yCEjN56Pk+Yx2tEvNDDfLCxVr 3vFktvwHmGj90zTd4m/rqrT/M9j1f9+ICL2UQG8Lo/6ds5qxN5BIjsG24HiCxDZa Dmeh4o5SFRYuMG0VR75pFYgmCKKH9ksr7uq6c+Rsiqfy5LMTZOQ3vymlT9KLKZAj 2zgKw5G3blng7hd3vjMMOg9pOgt/7nkqTf6eauZ8ETqewlyWTmp2e0o3ncx2lkVy p8uocGFHIehlNTe5UWM1e1zZFBW0cNWZ7+qvohIp60XYkrgH9RSRKsubucJKJJZi sUliX36Ns5ThoE1ZLwxkRrWd9WFYA8rp7zN5HA3zhAzpcgwIWQfo5teSIEECPryl bbv1PYcxqhpos+2AH8X/ffiP77BjO3UWHFnSVkbfwsBC35Xi7l6uGlWIcvc/G6Hj mEYdo1/Mpkyfhzh4Z9WA1xzKd2EKqHIM/Etmo8BCPqUkn1ftiYM= =P0i+ -----END PGP SIGNATURE-----