CVE-2023-48161 – giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
https://notcve.org/view.php?id=CVE-2023-48161
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c Vulnerabilidad de desbordamiento del búfer en el proyecto GifLib GifLib v.5.2.1 permite a un atacante local obtener información confidencial a través de la función DumpSCreen2RGB en gif2rgb.c A security flaw related to buffer overflow has been identified in GifLib. This flaw allows a nearby attacker to access sensitive information through the DumpSCreen2RGB function in gif2rgb.c. • https://github.com/tacetool/TACE#cve-2023-48161 https://sourceforge.net/p/giflib/bugs/167 https://access.redhat.com/security/cve/CVE-2023-48161 https://bugzilla.redhat.com/show_bug.cgi?id=2251025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-39742
https://notcve.org/view.php?id=CVE-2023-39742
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Se ha descubierto que giflib v5.2.1 contiene un fallo de segmentación a través del componente getarg.c. • https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU https://sourceforge.net/p/giflib/bugs/166 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-40633
https://notcve.org/view.php?id=CVE-2021-40633
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file. Una pérdida de memoria (out-of-memory) en gif2rgb en el archivo util/gif2rgb.c en giflib versión 5.1.4, permite a atacantes remotos desencadenar una excepción de fuera de memoria o una denegación de servicio por medio de un archivo con formato gif • https://sourceforge.net/p/giflib/bugs/157 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-28506
https://notcve.org/view.php?id=CVE-2022-28506
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Se presenta un desbordamiento del búfer de la pila en la función DumpScreen2RGB() de GIFLIB versión 5.2.1 en gif2rgb.c:298:45 • https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG https://sourceforge.net/p/giflib/bugs/159 • CWE-787: Out-of-bounds Write •
CVE-2020-23922
https://notcve.org/view.php?id=CVE-2020-23922
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. Se detectó un problema en giflib versiones hasta 5.1.4. La función DumpScreen2RGB en el archivo gif2rgb.c presenta una lectura excesiva del búfer en la región heap de la memoria • https://cwe.mitre.org/data/definitions/126.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://sourceforge.net/p/giflib/bugs/151 • CWE-125: Out-of-bounds Read •