Unrated severity · NVD Advisory · Published Jul 24, 2022 · Updated Aug 4, 2024
CVE-2021-46829
Description
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Affected products (12)
- GNOME/GdkPixbuf (description)
- osv-coords, 11 versions:
  - pkg:rpm/almalinux/gdk-pixbuf2 (no CPE), range: < 2.42.6-3.el9
  - pkg:rpm/almalinux/gdk-pixbuf2-devel (no CPE), range: < 2.42.6-3.el9
  - pkg:rpm/almalinux/gdk-pixbuf2-modules (no CPE), range: < 2.42.6-3.el9
  - pkg:rpm/opensuse/gdk-pixbuf&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 2.40.0-150200.3.6.1
  - pkg:rpm/opensuse/gdk-pixbuf&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.42.8-150400.5.3.1
  - pkg:rpm/opensuse/gdk-pixbuf&distro=openSUSE%20Leap%20Micro%205.2 (no CPE), range: < 2.40.0-150200.3.6.1
  - pkg:rpm/opensuse/gdk-pixbuf&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.42.8-2.1
  - pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.40.0-150200.3.6.1
  - pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 2.40.0-150200.3.6.1
  - pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 2.42.8-150400.5.3.1
  - pkg:rpm/suse/gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 (no CPE), range: < 2.40.0-150200.3.6.1
Patches
No patches discovered yet.
References (9)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2022/dsa-5228 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.openwall.com/lists/oss-security/2022/07/25/1 (mitre, mailing-list, x_refsource_MLIST)
- github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512 (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2 (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121 (mitre, x_refsource_MISC)
- www.openwall.com/lists/oss-security/2022/07/23/1 (mitre, x_refsource_MISC)