vulnerability

Red Hat: CVE-2021-46829: heap-based buffer overflow when compositing or clearing frames in GIF files (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
2022-07-24
Added
2023-05-15
Modified
2025-01-28

Description

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Solution(s)

redhat-upgrade-gdk-pixbuf2redhat-upgrade-gdk-pixbuf2-debuginforedhat-upgrade-gdk-pixbuf2-debugsourceredhat-upgrade-gdk-pixbuf2-develredhat-upgrade-gdk-pixbuf2-devel-debuginforedhat-upgrade-gdk-pixbuf2-modulesredhat-upgrade-gdk-pixbuf2-modules-debuginforedhat-upgrade-gdk-pixbuf2-tests-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.