CyberSec.Space Logo
Back to CVE Browser

CVE-2021-44648

HIGH
8.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile7.28th
PublishedJan 12, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

Affected Platforms (CPE)

πŸ“¦
Gnome

Gdkpixbuf

= 2.42.6
πŸ’»
Fedoraproject

Fedora

= 34
πŸ’»
Fedoraproject

Fedora

= 35
πŸ’»
Debian

Debian Linux

= 11.0

References & Advisories

πŸ”— https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
πŸ”— https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
πŸ”— https://www.debian.org/security/2022/dsa-5228
πŸ”— https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/

Related Vulnerabilities

CVE-2017-124477.8

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial ...

CVE-2021-468297.8

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF file...

CVE-2020-293855.5

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. ...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...