CVE-2021-20240
published 2021-05-28CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded…
PriorityP349high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
2.35%
81.5th percentile
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.42.2+dfsg-1 (bookworm) | gdk-pixbuf 2.42.2+dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnome | gdk-pixbuf | < 2.39.2 | 2.39.2 |
| gnome | gdk-pixbuf | — | — |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.08.3HIGHAV:N/AC:M/Au:N/C:P/I:P/A:C
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
GDK-PixBuf vulnerability
vendor_ubuntu·2021-02-22
CVE-2021-20240 GDK-PixBuf vulnerability
Title: GDK-PixBuf vulnerability
Summary: GDK-PixBuf could be made to crash if it opened a specially crafted file.
It was discovered that the GDK-PixBuf library did not properly handle
certain GIF images. If an user or automated system were tricked into
opening a specially crafted GIF file, a remote attacker could use this flaw
to cause GDK-PixBuf to crash, resulting in a denial of service.
Instructions: After a standard system update you need to restart your session to make all
the necessary changes.
Red Hat
gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
vendor_redhat·2021-01-19·CVSS 8.8
CVE-2021-20240 [HIGH] CWE-191 gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in gdk-pixbuf. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integ
Debian
CVE-2021-20240: gdk-pixbuf - A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound ...
vendor_debian·2021·CVSS 8.8
CVE-2021-20240 [HIGH] CVE-2021-20240: gdk-pixbuf - A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound ...
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Scope: local
bookworm: resolved (fixed in 2.42.2+dfsg-1)
bullseye: resolved (fixed in 2.42.2+dfsg-1)
forky: resolved (fixed in 2.42.2+dfsg-1)
sid: resolved (fixed in 2.42.2+dfsg-1)
trixie: resolved (fixed in 2.42.2+dfsg-1)
GHSA
GHSA-cjqx-m2ff-vgj5: A flaw was found in gdk-pixbuf in versions before 2
ghsa_unreviewed·2022-05-24
CVE-2021-20240 [HIGH] CWE-191 GHSA-cjqx-m2ff-vgj5: A flaw was found in gdk-pixbuf in versions before 2
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
OSV
CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2
osv·2021-05-28·CVSS 8.8
CVE-2021-20240 [HIGH] CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1926787https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/https://bugzilla.redhat.com/show_bug.cgi?id=1926787https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
2021-05-28
Published