PT-2019-6327 · Gnome+7 · Gdk-Pixbuf+7

Sahil Dhar

Publicado

2019-11-18

Atualizado

2024-06-15

CVE-2021-44648

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNOME gdk-pixbuf version 2.42.6

Description The issue is related to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. This vulnerability can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted GIF file.

Recommendations For GNOME gdk-pixbuf version 2.42.6, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, avoid using the gdk-pixbuf library to decode GIF files with lzw minimum code size equals to 12 until a patch is available. Restrict access to GIF files to minimize the risk of exploitation.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2023:2216

ALT-PU-2022-1509

BDU:2023-01698

CVE-2021-44648

DSA-5228-1

MGASA-2022-0402

OPENSUSE-SU-2022_3153-1

OPENSUSE-SU-2022_3230-1

OPENSUSE-SU-2024:12296-1

RHSA-2023:2216

RHSA-2023_2216

SUSE-SU-2022:3153-1

SUSE-SU-2022:3230-1

SUSE-SU-2022_3153-1

SUSE-SU-2022_3230-1

USN-5607-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Linuxmint

Red Hat

Suse

Ubuntu

Gdk-Pixbuf

PT-2019-6327 · Gnome+7 · Gdk-Pixbuf+7

CVE-2021-44648

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 49