CVE-2021-20240: Integer Underflow (Wrap or Wraparound) in Gdk-pixbuf

Severity: 8.8 HIGH (NVD)
EPSS: 0.8% (top 26.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 28; Latest update May 24

Description

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: gnome/gdk-pixbuf < 2.39.2
Debian: gnome/gdk-pixbuf < 2.42.2+dfsg-1+3
CVEListV5: gnome/gdk-pixbuf gdk-pixbuf 2.42.0

Also affects: Fedora 33, 34

Patches

Vulnerability Details (3)

GHSA: GHSA-cjqx-m2ff-vgj5: A flaw was found in gdk-pixbuf in versions before 2 (2022-05-24)
OSV: CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2 (2021-05-28)
CVEList: CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2 (2021-05-28)

Vendor Advisories (3)

Ubuntu: GDK-PixBuf vulnerability (2021-02-22)
Red Hat: gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault (2021-01-19)
Debian: CVE-2021-20240: gdk-pixbuf - A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound ... (2021)
CVE-2021-20240 — Integer Underflow (Wrap or Wraparound) | cvebase