Add CVE-2021-44648/gdk-pixbuf

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-12 21:25:50 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-12 21:25:50 +0100
commit: 3bc61ba65a83c32c20e3de60069a68327efd7a6a (patch)
tree: 59c026c305fcb2210876d338efaa6ec123ebfe23 /data/CVE/list.2021
parent: 0658b9492c1e0f992b43d9aa3917bbae5e4bf73f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index e220052b7d..83c6330c95 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -4194,7 +4194,9 @@ CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows rem
 CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
 	TODO: check
 CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
-	TODO: check
+	- gdk-pixbuf <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
+	NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
 CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
 	TODO: check
 CVE-2021-44646
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-12 21:25:50 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-12 21:25:50 +0100
commit	3bc61ba65a83c32c20e3de60069a68327efd7a6a (patch)
tree	59c026c305fcb2210876d338efaa6ec123ebfe23 /data/CVE/list.2021
parent	0658b9492c1e0f992b43d9aa3917bbae5e4bf73f (diff)