CVE-2021-20240

Name
CVE-2021-20240
Description
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out-of-bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
NVD Severity
unknown

References

Type          URI
MISC          https://bugzilla.redhat.com/show_bug.cgi?id=1926787
FEDORA        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
FEDORA        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
FEDORA        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
Mailing List  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
Mailing List  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
Mailing List  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Match rules

CPE URI                                      Source package  Min version  Max version
cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*   gdk-pixbuf      >= None      < 2.42.0
cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*   gdk-pixbuf      >= None      < 2.39.2

Vulnerable and fixed packages

Source package  Branch     Version    Maintainer                             Status
gdk-pixbuf      3.10-main  2.38.1-r0  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
gdk-pixbuf      3.12-main  2.40.0-r4  Rasmus Thomsen <oss@cogitri.dev>       fixed
gdk-pixbuf      3.11-main  2.40.0-r2  Rasmus Thomsen <oss@cogitri.dev>       fixed