Bug 1182410 (CVE-2021-20240) - VUL-0: CVE-2021-20240: gdk-pixbuf: integer wraparound in the GIF loader
Summary: VUL-0: CVE-2021-20240: gdk-pixbuf: integer wraparound in the GIF loader
Status: RESOLVED FIXED
Alias: CVE-2021-20240
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/277977/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-20240:8.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-18 09:38 UTC by Alexandros Toptsoglou
Modified: 2024-05-22 14:37 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-02-18 09:38:50 UTC 
CVE-2021-20240

An integer wraparound bug was found in the GIF loader of gdk-pixbuf. Given a crafted input, it will abort with a segmentation fault.

Reference:

https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1926787
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20240
https://access.redhat.com/security/cve/CVE-2021-20240
Comment 1 Alexandros Toptsoglou 2021-02-18 09:44:12 UTC 
The issue seems to have been introduced in version 2.39.2 in commit [1] and fixed in version 2.42 with commits [2]. Instructions for POC at the upstream issue at [3].

Tracked as affected only SLE15-SP2. Factory already ships a fixed version. 

[1] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f
[2] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
[3]https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
Comment 4 Alynx Zhou 2021-03-01 09:52:00 UTC 
Looks like already fixed by @zcjia in https://bugzilla.suse.com/show_bug.cgi?id=1174307?
Comment 5 Alynx Zhou 2021-03-04 08:33:07 UTC 
Assign back because patch already here
Comment 7 Andrea Mattiazzo 2024-05-22 14:37:32 UTC 
All done, closing.