Bug#1014600: gdk-pixbuf: CVE-2021-44648
Moritz Mühlenhoff
jmm at inutil.org
Fri Jul 8 15:33:06 BST 2022
Source: gdk-pixbuf
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gdk-pixbuf.
CVE-2021-44648[0]:
| GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow
| vulnerability when decoding the lzw compressed stream of image data in
| GIF files with lzw minimum code size equals to 12.
https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-44648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648
Please adjust the affected versions in the BTS as needed.
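
Added example, not part of the original report and not gdk-pixbuf code: a file-triage check that walks a GIF's block structure and reports each image's LZW minimum code size byte, flagging the value named in the CVE description. The limit of 11, the function names and the constructed sample built by make_gif are assumptions of this example.

```python
import struct

# Assumption of this example: GIF LZW codes are at most 12 bits wide and the
# first code is one bit wider than this byte, so values above 11 are flagged.
MAX_MIN_CODE_SIZE = 11

def _skip_sub_blocks(data, pos):
    """Skip length-prefixed sub-blocks; return the offset after the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def _color_table_len(packed):
    """Bytes occupied by the colour table a packed flags byte announces (0 if none)."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def lzw_min_code_sizes(data):
    """Return the LZW minimum code size byte of every image in a GIF, in file order."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    sizes = []
    try:
        pos = 13 + _color_table_len(data[10])   # header + logical screen descriptor
        while data[pos] != 0x3B:                # 0x3B is the trailer
            if data[pos] == 0x21:               # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:             # image descriptor (10 bytes), optional table
                pos += 10 + _color_table_len(data[pos + 9])
                sizes.append(data[pos])         # the byte the CVE description refers to
                pos = _skip_sub_blocks(data, pos + 1)
            else:
                raise ValueError(f"unexpected block 0x{data[pos]:02x} at offset {pos}")
    except IndexError:
        pass                                    # truncated file: report what was parsed
    return sizes

def suspicious_frames(data):
    """(frame index, code size) for every image whose code size exceeds the limit."""
    return [(i, s) for i, s in enumerate(lzw_min_code_sizes(data)) if s > MAX_MIN_CODE_SIZE]

def make_gif(min_code_size):
    """Constructed 1x1 sample: no colour tables, one extension, empty image data."""
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
    gce = b"\x21\xf9\x04\x00\x00\x00\x00\x00"
    frame = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + bytes([min_code_size]) + b"\x00"
    return header + gce + frame + b"\x3b"

if __name__ == "__main__":
    for size in (2, 8, 12):
        print(size, suspicious_frames(make_gif(size)))
```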