Your submission was sent successfully! Close

CVE-2021-46829

Published: 24 July 2022

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Notes

AuthorNote
amurray
as per advisory, affects versions <= 2.42.6
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gdk-pixbuf
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (2.40.0+dfsg-3ubuntu0.3)
jammy Not vulnerable
(2.42.8+dfsg-1)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(2.42.8+dfsg-1)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/diffs
upstream: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6976bdc8ee9dd2c2954f91066f7b0f643769a379