QwikSec

Security Database

CVE

CWE

Training

CVE-2021-46829

Published: Jul 24, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190

x_refsource_MISC

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121

x_refsource_MISC

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2

x_refsource_MISC

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2022/07/23/1

x_refsource_MISC

[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf

mailing-list

x_refsource_MLIST

https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md

x_refsource_MISC

FEDORA-2022-7254ec5e96

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.