PT-2019-6327 · Gnome+7 · Gdk-Pixbuf+7

Sahil Dhar · Published 2019-11-18 · Updated 2024-06-15 · CVE-2021-44648

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GNOME gdk-pixbuf version 2.42.6

Description

The issue is a heap buffer overflow that occurs when decoding the LZW-compressed image data stream of a GIF file whose LZW minimum code size is equal to 12. Using a specially crafted GIF file, a remote attacker can access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For GNOME gdk-pixbuf version 2.42.6, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, avoid using the gdk-pixbuf library to decode GIF files with an LZW minimum code size equal to 12 until a patch is available. Restrict access to GIF files to minimize the risk of exploitation.
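
One way to apply the temporary workaround is to screen files before they reach the decoder. This is an added example, not gdk-pixbuf code or its fix. It walks the GIF block structure and reports each image's LZW minimum code size. Assumptions: the function names are hypothetical, the sample bytes are constructed, and the default threshold holds back every value above 11 rather than only 12, because GIF LZW codes are at most 12 bits wide.

```python
class GifParseError(ValueError):
    pass

def _skip_sub_blocks(data, pos):
    # Sub-blocks are <length><bytes>... ended by a zero length byte.
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def lzw_min_code_sizes(data):
    """Return the LZW minimum code size byte of every image in a GIF."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifParseError("not a GIF")
    sizes, pos = [], 13                       # 13 = header + logical screen descriptor
    try:
        if data[10] & 0x80:                   # global colour table present
            pos += 3 * (2 << (data[10] & 0x07))
        while data[pos] != 0x3B:              # 0x3B is the trailer
            block, pos = data[pos], pos + 1
            if block == 0x21:                 # extension: skip its label byte
                pos += 1
            elif block == 0x2C:               # image descriptor, 9 bytes
                flags = data[pos + 8]
                pos += 9
                if flags & 0x80:              # local colour table present
                    pos += 3 * (2 << (flags & 0x07))
                sizes.append(data[pos])       # LZW minimum code size
                pos += 1
            else:
                raise GifParseError("unknown block 0x%02x" % block)
            pos = _skip_sub_blocks(data, pos)
    except IndexError:
        raise GifParseError("truncated GIF") from None
    return sizes

def should_quarantine(data, max_code_size=11):
    # Fail closed: a file that cannot be walked to its trailer is held too.
    try:
        return any(size > max_code_size for size in lzw_min_code_sizes(data))
    except GifParseError:
        return True

# Constructed 1x1 GIF with a graphic control extension; minimum code size 2.
SAMPLE_GIF = bytes.fromhex(
    "474946383961" "0100010080" "0000" "000000000000"
    "21f90400000000" "00" "2c0000000001000100" "00" "02024c0100" "3b")
```

Every image descriptor in a multi-frame file is checked, since each frame carries its own minimum code size byte.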

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:2216
ALT-PU-2022-1509
BDU:2023-01698
CVE-2021-44648
DSA-5228-1
MGASA-2022-0402
OPENSUSE-SU-2022_3153-1
OPENSUSE-SU-2022_3230-1
OPENSUSE-SU-2024:12296-1
RHSA-2023:2216
RHSA-2023_2216
SUSE-SU-2022:3153-1
SUSE-SU-2022:3230-1
SUSE-SU-2022_3153-1
SUSE-SU-2022_3230-1
USN-5607-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Red Hat
Suse
Ubuntu
Gdk-Pixbuf