I’ve just released gdk-pixbuf 2.42.2, which contains a security fix for CVE-2020-29385 in the GIF loading code.
For more information, see: endless loop in the write_indexes function in gdk-pixbuf/lzw.c (from melvin@melvinkool.nl) (#164) · Issues · GNOME / gdk-pixbuf · GitLab
Earlier versions of gdk-pixbuf are not known to be affected.