Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 831077 (CVE-2021-44648)

Summary: <x11-libs/gdk-pixbuf-2.42.9: heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files (CVE-2021-44648)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 879807    
Bug Blocks:    

Description filip ambroz 2022-01-12 16:43:40 UTC
The GdkPixbuf library is vulnerable to heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-44648
https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-16 22:40:21 UTC
Looks like the patch made it into 2.42.9:

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/8ad828c2782355c1747c62b3700bdc052e12e241

Please stabilize when ready.