CVE-2021-20240: Integer Underflow
First published: Tue Feb 09 2021(Updated: )
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME gdk-pixbuf | <2.42.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| redhat/gdk-pixbuf | <2.42.0 | 2.42.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1926787
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1926789
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1926790
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/80704d84055d8f33cd66824d78d16b89fc45db45
- https://access.redhat.com/security/cve/cve-2021-20240
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
Frequently Asked Questions
What is CVE-2021-20240?
CVE-2021-20240 is a vulnerability in gdk-pixbuf that can lead to an out-of-bounds write and potential code execution when loading a crafted GIF image.
What is the severity of CVE-2021-20240?
CVE-2021-20240 has a severity rating of 8.8 (high).
How does CVE-2021-20240 affect GNOME gdk-pixbuf?
CVE-2021-20240 affects GNOME gdk-pixbuf versions before 2.42.0.
How does CVE-2021-20240 impact Fedora?
Fedora versions 33 and 34 are affected by CVE-2021-20240.
How can I fix CVE-2021-20240?
To fix CVE-2021-20240, update gdk-pixbuf to version 2.42.0 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20240
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/gnome
- canonical/gnome gdk-pixbuf
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- package-manager/redhat