CVE-2021-46829 : GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overfl

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Published 2022-07-24 19:15:10

Updated 2022-10-27 13:30:28

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2021-46829

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Gnome » Gdk-pixbuf
Versions before (<) 2.42.8
cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-46829

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 59 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-46829

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-46829

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-46829

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/

[SECURITY] Fedora 35 Update: mingw-gdk-pixbuf-2.42.8-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/07/23/1

oss-security - CVE Request: heap buffer overflow in gdk-pixbuf
Mailing List;Third Party Advisory
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512

Merge branch 'gif-overflow' into 'master' (5398f04d) · Commits · GNOME / gdk-pixbuf · GitLab
Patch;Third Party Advisory
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2

Release GdkPixbuf 2.42.8 (stable) (bca00032) · Commits · GNOME / gdk-pixbuf · GitLab
Patch;Third Party Advisory
https://www.debian.org/security/2022/dsa-5228

Debian -- Security Information -- DSA-5228-1 gdk-pixbuf
Third Party Advisory

CVEs referencing this url
https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md

PoC/CVE-2021-46829.md at master · pedrib/PoC · GitHub
Exploit;Third Party Advisory
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190

Buffer overwrite in io-gif-animation.c composite_frame() (possibly exploitable) (#190) · Issues · GNOME / gdk-pixbuf · GitLab
Exploit;Issue Tracking;Third Party Advisory
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121

gif: Check for overflow when compositing or clearing frames. (!121) · Merge requests · GNOME / gdk-pixbuf · GitLab
Exploit;Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/07/25/1

oss-security - Re: CVE Request: heap buffer overflow in gdk-pixbuf
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-46829

Products affected by CVE-2021-46829

Exploit prediction scoring system (EPSS) score for CVE-2021-46829

CVSS scores for CVE-2021-46829

CWE ids for CVE-2021-46829

References for CVE-2021-46829