Bug 1182410 - (CVE-2021-20240) VUL-0: CVE-2021-20240: gdk-pixbuf: integer wraparound in the GIF loader
(CVE-2021-20240)
VUL-0: CVE-2021-20240: gdk-pixbuf: integer wraparound in the GIF loader
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/277977/
CVSSv3.1:SUSE:CVE-2021-20240:8.1:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-02-18 09:38 UTC by Alexandros Toptsoglou
Modified: 2022-01-13 15:45 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-02-18 09:38:50 UTC
CVE-2021-20240

An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault.

Reference:

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1926787
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20240
https://access.redhat.com/security/cve/CVE-2021-20240
Comment 1 Alexandros Toptsoglou 2021-02-18 09:44:12 UTC
The issue seems to have been introduced in version 2.39.2 in commit [1] and fixed in version 2.42 with commits [2]. Instructions for POC at the upstream issue at [3].

Tracked as affected only SLE15-SP2. Factory already ships a fixed version. 

[1] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f
[2] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
[3]https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
Comment 4 Alynx Zhou 2021-03-01 09:52:00 UTC
Looks like already fixed by @zcjia in https://bugzilla.suse.com/show_bug.cgi?id=1174307?
Comment 5 Alynx Zhou 2021-03-04 08:33:07 UTC
Assign back because patch already here