CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-44648

HIGH
8.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile7.28th
Published2022年1月12日
Last Modified2024年11月21日

Vulnerability Description

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

Affected Platforms (CPE)

📦
Gnome

Gdkpixbuf

= 2.42.6
💻
Fedoraproject

Fedora

= 34
💻
Fedoraproject

Fedora

= 35
💻
Debian

Debian Linux

= 11.0

References & Advisories

🔗 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
🔗 https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
🔗 https://www.debian.org/security/2022/dsa-5228
🔗 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/

相关漏洞威胁

CVE-2017-124477.8

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial ...

CVE-2021-468297.8

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF file...

CVE-2020-293855.5

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...