Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
https://security.gentoo.org/glsa/201709-08
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
https://bugzilla.gnome.org/show_bug.cgi?id=779016
http://www.securityfocus.com/bid/96779
http://www.openwall.com/lists/oss-security/2017/02/26/1