gdk-pixbuf: integer underflow in the GIF loader (CVE-2021-20240)
Integer underflow in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault.
Fixed In Version:
gdk-pixbuf 2.42.0
References:
- https://security-tracker.debian.org/tracker/CVE-2021-20240 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
- Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2)
Patch:
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/80704d84055d8f33cd66824d78d16b89fc45db45