{"api_version":"1","generated_at":"2026-04-23T01:00:00+00:00","cve":"CVE-2021-20240","urls":{"html":"https://cve.report/CVE-2021-20240","api":"https://cve.report/api/cve/CVE-2021-20240.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20240","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20240"},"summary":{"title":"CVE-2021-20240","description":"A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-28 11:15:00","updated_at":"2023-11-07 03:29:00"},"problem_types":["CWE-191"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/","name":"FEDORA-2021-755ba8968a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: mingw-gdk-pixbuf-2.42.2-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/","name":"FEDORA-2021-2e59756cbe","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: gdk-pixbuf2-2.42.2-2.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/","name":"FEDORA-2021-c918632e13","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: mingw-gdk-pixbuf-2.42.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787","refsource":"MISC","tags":[],"title":"1926787 – (CVE-2021-20240) CVE-2021-20240 gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/","name":"FEDORA-2021-2e59756cbe","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: gdk-pixbuf2-2.42.2-2.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/","name":"FEDORA-2021-755ba8968a","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: mingw-gdk-pixbuf-2.42.2-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/","name":"FEDORA-2021-c918632e13","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: mingw-gdk-pixbuf-2.42.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20240","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20240","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20240","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20240","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20240","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdk-pixbuf","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20240","qid":"180557","title":"Debian Security Update for gdk-pixbuf (CVE-2021-20240)"},{"cve":"CVE-2021-20240","qid":"281529","title":"Fedora Security Update for mingw (FEDORA-2021-755ba8968a)"},{"cve":"CVE-2021-20240","qid":"281530","title":"Fedora Security Update for mingw (FEDORA-2021-c918632e13)"},{"cve":"CVE-2021-20240","qid":"296053","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)"},{"cve":"CVE-2021-20240","qid":"500200","title":"Alpine Linux Security Update for gdk-pixbuf"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20240","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"gdk-pixbuf","version":{"version_data":[{"version_value":"gdk-pixbuf 2.42.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-191->CWE-787"}]}]},"references":{"reference_data":[{"refsource":"FEDORA","name":"FEDORA-2021-2e59756cbe","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/"},{"refsource":"FEDORA","name":"FEDORA-2021-755ba8968a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/"},{"refsource":"FEDORA","name":"FEDORA-2021-c918632e13","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2021-05-28 11:15:00","lastModifiedDate":"2023-11-07 03:29:00","problem_types":["CWE-191"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":8.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*","versionEndExcluding":"2.42.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20240","Ordinal":"194281","Title":"CVE-2021-20240","CVE":"CVE-2021-20240","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20240","Ordinal":"1","NoteData":"A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20240","Ordinal":"2","NoteData":"2021-05-28","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20240","Ordinal":"3","NoteData":"2021-05-28","Type":"Other","Title":"Modified"}]}}}