An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault.
Created gdk-pixbuf2 tracking bugs for this issue:
Affects: fedora-all [bug 1926789]
Created mingw-gdk-pixbuf tracking bugs for this issue:
Affects: fedora-all [bug 1926790]
Vulnerable code seems to be introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f in upstream version 2.39.2.
This issue did not affect the versions of gdk-pixbuf2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):