CVE-2021-46829
Published
CVSS v3
7.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
Advisories, proof of concept files and exploits that have been made public by @pedrib.
GitHub