CVE-2021-20240

A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: May 28, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20240
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.3
AV:N/AC:M/Au:N/C:P/I:P/A:C

CWEs:

CWE-787
CWE-191

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
gnome / gdk-pixbuf	-	2.39.2

https://bugzilla.redhat.com/show_bug.cgi?id=1926787
https://lists.fedoraproject.org/archives/list/[email protected]/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
https://lists.fedoraproject.org/archives/list/[email protected]/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/

Vulnerability Database

289,599

CVE-2021-20240