Integer Wraparound Vulnerability in gdk-pixbuf Affects Multiple Platforms
CVE-2021-20240

8.8HIGH

Key Information:

Vendor: Gnome
Status: Gdk-pixbuf
Vendor: CVE Published:; 28 May 2021

What is CVE-2021-20240?

A vulnerability exists in gdk-pixbuf that may allow an attacker to exploit an integer wraparound issue when processing specially crafted GIF images. This flaw can lead to out-of-bounds writes, potentially leading to application crashes or allowing malicious code execution on the target system. The risk associated with this vulnerability primarily concerns data integrity and confidentiality, as well as overall system availability, making it crucial for users and administrators to apply updates promptly.

Affected Version(s)

gdk-pixbuf gdk-pixbuf 2.42.0

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2021
Vulnerability Reserved
Dec 17, 2020

Gnome

What is CVE-2021-20240?

Affected Version(s)

References

CVSS V3.1

Timeline