Vulnerability Details CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
- https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
- https://www.debian.org/security/2022/dsa-5228
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
- https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
- https://www.debian.org/security/2022/dsa-5228
Products affected by CVE-2021-44648
-
cpe:2.3:a:gnome:gdkpixbuf:2.42.6
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35