PT-2019-6074 · Gnome · Gdk-Pixbuf

Marian Rehak · Published 2019-10-06 · Updated 2024-04-08 · CVE-2021-20240

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

gdk-pixbuf versions prior to 2.42.0

Description

A flaw in gdk-pixbuf can cause an integer wraparound leading to an out-of-bounds write when a crafted GIF image is loaded. This may allow an attacker to crash applications or potentially execute code on the victim system, posing a threat to data confidentiality and integrity as well as system availability.

Recommendations

Update gdk-pixbuf to version 2.42.0 or later to resolve the issue. As a temporary workaround until a patch is applied, avoid loading GIF images from untrusted sources, since a crafted GIF is what triggers the flaw. Restrict access to sensitive data and systems to minimize the risk of exploitation.

Fix

Integer Underflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3354
BDU:2021-04598
CVE-2021-20240
OESA-2022-1762
USN-4743-1

Affected Products

Alt Linux
Linuxmint
Red Os
Ubuntu
Gdk-Pixbuf