Bug 1926787 (CVE-2021-20240) - CVE-2021-20240 gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
Keywords:
Status: NEW
Alias: CVE-2021-20240
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1926790 1928821 1926789
Blocks: 1926792
Reported: 2021-02-09 13:09 UTC by Marian Rehak
Modified: 2021-02-16 13:54 UTC

Fixed In Version: gdk-pixbuf 2.42.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in gdk-pixbuf. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed:


Description Marian Rehak 2021-02-09 13:09:33 UTC
An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault.

Reference:

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132

Comment 1 Marian Rehak 2021-02-09 13:10:03 UTC
Created gdk-pixbuf2 tracking bugs for this issue:

Affects: fedora-all [bug 1926789]


Created mingw-gdk-pixbuf tracking bugs for this issue:

Affects: fedora-all [bug 1926790]

Comment 2 Riccardo Schirone 2021-02-15 14:57:09 UTC
Vulnerable code seems to be introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f in upstream version 2.39.2.

Comment 3 Riccardo Schirone 2021-02-15 15:12:04 UTC
Statement:

This issue did not affect the versions of gdk-pixbuf2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.

