GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the LZW compressed stream of image data in GIF files with LZW minimum code size equal to 12.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648
http://www.cvedetails.com/cve/CVE-2021-44648/
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
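A defender-side check for the condition in the description above, added here as an example (it is not part of the original bug report or of gdk-pixbuf): it walks a GIF's block structure without decoding any pixel data and reports frames whose LZW minimum code size byte is 12 or more. The function names, the choice to flag values above 12 as well as 12 itself, and the constructed sample bytes are assumptions.

```python
FLAG_AT = 12  # value named in the report; also flagging anything above it is an assumption

def _color_table_len(packed):
    """Byte length of a colour table described by a GIF 'packed' field (0 if absent)."""
    return 3 * (1 << ((packed & 0x07) + 1)) if packed & 0x80 else 0

def _skip_sub_blocks(data, pos):
    """Advance past a chain of data sub-blocks; return the offset after the terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def lzw_min_code_sizes(data):
    """Return the LZW minimum code size byte of every image frame in a GIF."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13 + _color_table_len(data[10])   # header + logical screen descriptor
    sizes = []
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:                   # trailer
            break
        if block == 0x21:                   # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:                 # image descriptor: separator + 9 bytes
            if pos + 9 >= len(data):
                raise ValueError("truncated image descriptor")
            pos += 10 + _color_table_len(data[pos + 9])
            if pos >= len(data):
                raise ValueError("missing LZW minimum code size")
            sizes.append(data[pos])
            pos = _skip_sub_blocks(data, pos + 1)
        else:
            raise ValueError(f"unexpected block 0x{block:02x} at offset {pos}")
    return sizes

def suspicious_frames(data):
    """(frame index, code size) for frames matching the condition in the report."""
    return [(i, s) for i, s in enumerate(lzw_min_code_sizes(data)) if s >= FLAG_AT]

def sample_gif(code_size):
    """Constructed 1x1 GIF bytes for exercising the check (sample data, not from the report)."""
    return (b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + bytes(6)
            + b"\x2c" + bytes(4) + b"\x01\x00\x01\x00\x00"
            + bytes([code_size]) + b"\x02\x4c\x01\x00" + b"\x3b")
```

Run `suspicious_frames()` on the raw bytes of untrusted GIFs before they reach an unpatched decoder; a `ValueError` means the file is malformed and can be rejected as well.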
Created gdk-pixbuf2 tracking bugs for this issue: Affects: fedora-all [bug 2046622]
Created mingw-gdk-pixbuf tracking bugs for this issue: Affects: fedora-all [bug 2049411]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:2216 https://access.redhat.com/errata/RHSA-2023:2216
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-44648