Gdkpixbuf

This hub aggregates every CVE we track for Gdkpixbuf, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 14 most recently published vulnerabilities affecting Gdkpixbuf.

• CVE-2025-7345Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf7.5Jul 8, 2025
• CVE-2025-6199Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder3.3Jun 17, 2025
• CVE-2022-48622In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .an...7.8Jan 26, 2024
• CVE-2021-46829GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This over...7.8Jul 24, 2022
• CVE-2021-44648GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.8.8Jan 12, 2022
• CVE-2021-20240A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to...8.8May 28, 2021
• CVE-2005-2975io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.7.8Nov 18, 2005
• CVE-2005-2976Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and ...7.5Nov 18, 2005
• CVE-2005-3186Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory ...7.5Nov 18, 2005
• CVE-2004-0782Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via c...7.5Sep 17, 2004
• CVE-2004-0788Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.5.0Sep 17, 2004
• CVE-2004-0753The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.5.0Sep 17, 2004
• CVE-2004-0783Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary c...7.5Sep 17, 2004
• CVE-2004-0111gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.5.0Sep 1, 2004