CVE-2021-20240
published 2021-05-28

Priority: P3, 49, high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 2.35% (81.5th percentile)

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.42.2+dfsg-1 (bookworm) | gdk-pixbuf 2.42.2+dfsg-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| gnome | gdk-pixbuf | < 2.39.2 | 2.39.2 |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |
| gnome | gdk-pixbuf | >= 0 < 2.42.2+dfsg-1 | 2.42.2+dfsg-1 |

CVSS provenance

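| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 8.3 | HIGH | AV:N/AC:M/Au:N/C:P/I:P/A:C |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |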