CVE-2021-46829

gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

GdkPixbuf de GNOME (también se conoce como GDK-PixBuf) versiones anteriores a 2.42.8, permite un desbordamiento del búfer en la región heap de la memoria cuando son compuestos o borran fotogramas en archivos GIF, como es demostrado por el archivo io-gif-animation.c composite_frame. Este desbordamiento es controlable y podría ser abusado para la ejecución de código, especialmente en sistemas de 32 bits

A heap-based buffer overflow vulnerability was found in GNOME GdkPixbuf (aka GDK-PixBuf) when compositing or clearing frames in GIF files. The vulnerability exists due to a boundary error when processing GIF images. This flaw allows an attacker to create a specially crafted GIF image, trick the victim into opening it, triggering an out-of-bounds write, which allows executing arbitrary code on the target system or causing a potential crash.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-24 CVE Reserved
2022-07-24 CVE Published
2024-03-14 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CAPEC

References (11)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2022/07/25/1	Mailing List
https://www.openwall.com/lists/oss-security/2022/07/23/1	Mailing List

URL	Date	SRC
https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md	2024-08-04
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190	2024-08-04
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121	2024-08-04

URL	Date	SRC
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512	2023-11-07
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR	2023-11-07
https://www.debian.org/security/2022/dsa-5228	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-46829	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2114940	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf"				< 2.42.8 Search vendor "Gnome" for product "Gdk-pixbuf" and version " < 2.42.8"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected