An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault. Reference: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
Created gdk-pixbuf2 tracking bugs for this issue: Affects: fedora-all [bug 1926789] Created mingw-gdk-pixbuf tracking bugs for this issue: Affects: fedora-all [bug 1926790]
Vulnerable code seems to be introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f in upstream version 2.39.2.
Statement: This issue did not affect the versions of gdk-pixbuf2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.
Upstream fix: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/80704d84055d8f33cd66824d78d16b89fc45db45
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20240