Multiple integer overflows in the (1) pixopscompositenearest, (2) pixopscompositecolornearest, and (3) pixopsprocess functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.