{"id":"AZL-34069","summary":"CVE-2022-48622 affecting package gdk-pixbuf2 for versions less than 2.40.0-6","details":"In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.","modified":"2026-04-21T04:27:01.012678Z","published":"2024-01-26T09:15:07Z","upstream":["CVE-2022-48622"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622"}],"affected":[{"package":{"name":"gdk-pixbuf2","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/gdk-pixbuf2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.0-6"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34069.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}