Source: gdk-pixbuf
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for gdk-pixbuf.

CVE-2021-44648[0]:
| GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow
| vulnerability when decoding the lzw compressed stream of image data in
| GIF files with lzw minimum code size equals to 12.

https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-44648
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648

Please adjust the affected versions in the BTS as needed.
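
Added example (not part of the original report and not gdk-pixbuf code): a triage scanner that walks a GIF's block structure and reports images whose LZW minimum code size exceeds 11, which covers the value 12 named in the CVE text. The bound of 11, the function names and the sample bytes are assumptions of this example; the bound follows from GIF's 12-bit code width limit, not from the upstream fix.

```python
import struct

# Assumption: GIF LZW codes are at most 12 bits wide and the first code width
# is min_code_size + 1, so 11 is the largest value a decoder can honour.
MAX_MIN_CODE_SIZE = 11

def _skip_sub_blocks(data, pos):
    """Skip length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("truncated sub-block chain")

def lzw_min_code_sizes(data):
    """Return [(offset, min_code_size)] for every image in a GIF byte string."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos, found = 13, []
    if data[10] & 0x80:                          # global colour table present
        pos += 3 * (2 << (data[10] & 7))
    while pos < len(data) and data[pos] != 0x3B:  # 0x3B is the trailer
        if data[pos] == 0x21:                    # extension: label, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:                  # image descriptor, 10 bytes
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            flags = data[pos + 9]
            pos += 10
            if flags & 0x80:                     # local colour table present
                pos += 3 * (2 << (flags & 7))
            if pos >= len(data):
                raise ValueError("truncated image data")
            found.append((pos, data[pos]))       # the LZW minimum code size byte
            pos = _skip_sub_blocks(data, pos + 1)
        else:
            raise ValueError(f"unexpected block 0x{data[pos]:02x} at {pos}")
    return found

def suspicious_images(data):
    """Images whose first LZW code would be wider than 12 bits."""
    return [(o, n) for o, n in lzw_min_code_sizes(data) if n > MAX_MIN_CODE_SIZE]

def sample_gif(min_code_size):
    """Constructed 1x1 GIF skeleton, no colour tables, placeholder image data."""
    screen = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
    image = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + bytes([min_code_size])
    return screen + image + b"\x01\x00\x00\x3b"
```

Run suspicious_images() over the raw bytes of each file in an upload or thumbnailing queue; an empty list means no image in the file declares an out-of-range code size.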