GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512 https://www.openwall.com/lists/oss-security/2022/07/23/1 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121 http://www.openwall.com/lists/oss-security/2022/07/25/1 https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md
Created gdk-pixbuf2 tracking bugs for this issue: Affects: fedora-all [bug 2114942] Created mingw-gdk-pixbuf tracking bugs for this issue: Affects: fedora-all [bug 2114943]
Statement: Red Hat Enterprise Linux - 6, 7, 8 are not affected, because there is no presence of vulnerable function/code in our code-base.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2216 https://access.redhat.com/errata/RHSA-2023:2216
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-46829