Ubuntu.comUB:CVE-2021-20240CVE-2021-20240
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.003 Low
EPSS
Percentile
65.6%
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer
wraparound leading to an out of bounds write can occur when a crafted GIF
image is loaded. An attacker may cause applications to crash or could
potentially execute code on the victim system. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=1926787>
- <https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132>
Notes
| Author | Note |
|---|---|
| mdeslaur | vulnerable code introduced in: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | gdk-pixbuf | < 2.40.0+dfsg-3ubuntu0.2 | UNKNOWN |
| ubuntu | 20.10 | noarch | gdk-pixbuf | < 2.40.0+dfsg-5ubuntu0.2 | UNKNOWN |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.003 Low
EPSS
Percentile
65.6%