CVE-2021-44648: Buffer Overflow
First published: Wed Jan 12 2022(Updated: )
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/gdk-pixbuf | 2.38.1+dfsg-1 2.42.2+dfsg-1+deb11u1 2.42.10+dfsg-1 | |
| GNOME GdkPixbuf | =2.42.6 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2021-44648
- https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014600
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/76eda67dbc3f48c9dd6815a5aaf6014ea4a16771
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/0cf97225c9c227d11fc4ddf9cba8e8480672ee1b
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/19ebba03117aefc9d0312f675f3a210ffdcc4907
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/449441210921c8ed417b0c4d5edbccd2d57e23f8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
- https://www.debian.org/security/2022/dsa-5228
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/
Frequently Asked Questions
What is CVE-2021-44648?
CVE-2021-44648 is a vulnerability in GNOME gdk-pixbuf 2.42.6 that allows for a heap-buffer overflow when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
What is the severity of CVE-2021-44648?
CVE-2021-44648 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2021-44648?
GNOME gdk-pixbuf 2.42.6, Fedoraproject Fedora 34 and 35, and Debian Debian Linux 11.0 are affected by CVE-2021-44648.
How can I fix CVE-2021-44648?
To fix CVE-2021-44648, update gdk-pixbuf to version 2.38.1+dfsg-1, 2.42.2+dfsg-1+deb11u1, or 2.42.10+dfsg-1.
Where can I find more information about CVE-2021-44648?
You can find more information about CVE-2021-44648 at the following references: [1] [2] [3].
- collector/debian-bugs
- alias/CVE-2021-44648
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/gnome
- canonical/gnome gdkpixbuf
- version/gnome gdkpixbuf/2.42.6
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0