Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-44648

Published: 12 January 2022

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
jammy
Released (2.42.8+dfsg-1ubuntu0.1)
xenial Not vulnerable
(code not present)
trusty Does not exist

upstream Needed

hirsute Ignored
(end of life)
bionic Not vulnerable
(code not present)
impish Ignored
(end of life)
focal
Released (2.40.0+dfsg-3ubuntu0.4)
kinetic Not vulnerable

Patches:
upstream: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/8ad828c2782355c1747c62b3700bdc052e12e241

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H