GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Created gdk-pixbuf2 tracking bugs for this issue:
Affects: fedora-all [bug 2114942]
Created mingw-gdk-pixbuf tracking bugs for this issue:
Affects: fedora-all [bug 2114943]
Statement: Red Hat Enterprise Linux - 6, 7, 8 are not affected, because there is no presence of vulnerable function/code in our code-base.