Bug 1926787 (CVE-2021-20240)

Summary: CVE-2021-20240 gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: erik-fedora, fedora, gnome-sig, klember, manisandro, mclasen, otte, rh-spice-bugs, rjones, rschiron, scorneli
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: gdk-pixbuf 2.42.0
Doc Type: If docs needed, set a value
Doc Text: A flaw was found in gdk-pixbuf. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-04-18 02:28:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1926789, 1926790, 1928821
Bug Blocks: 1926792

Description Marian Rehak 2021-02-09 13:09:33 UTC
An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault.

Reference:

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132

Comment 1 Marian Rehak 2021-02-09 13:10:03 UTC
Created gdk-pixbuf2 tracking bugs for this issue:

Affects: fedora-all [bug 1926789]


Created mingw-gdk-pixbuf tracking bugs for this issue:

Affects: fedora-all [bug 1926790]

Comment 2 Riccardo Schirone 2021-02-15 14:57:09 UTC
Vulnerable code seems to be introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f in upstream version 2.39.2.

Comment 3 Riccardo Schirone 2021-02-15 15:12:04 UTC
Statement:

This issue did not affect the versions of gdk-pixbuf2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.

Comment 10 Product Security DevOps Team 2022-04-18 02:28:43 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20240