CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48161 – giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
https://notcve.org/view.php?id=CVE-2023-48161
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c Vulnerabilidad de desbordamiento del búfer en el proyecto GifLib GifLib v.5.2.1 permite a un atacante local obtener información confidencial a través de la función DumpSCreen2RGB en gif2rgb.c A security flaw related to buffer overflow has been identified in GifLib. This flaw allows a nearby attacker to access sensitive information through the DumpSCreen2RGB function in gif2rgb.c. • https://github.com/tacetool/TACE#cve-2023-48161 https://sourceforge.net/p/giflib/bugs/167 https://access.redhat.com/security/cve/CVE-2023-48161 https://bugzilla.redhat.com/show_bug.cgi?id=2251025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39742
https://notcve.org/view.php?id=CVE-2023-39742
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Se ha descubierto que giflib v5.2.1 contiene un fallo de segmentación a través del componente getarg.c. • https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU https://sourceforge.net/p/giflib/bugs/166 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2022-28506
https://notcve.org/view.php?id=CVE-2022-28506
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Se presenta un desbordamiento del búfer de la pila en la función DumpScreen2RGB() de GIFLIB versión 5.2.1 en gif2rgb.c:298:45 • https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG https://sourceforge.net/p/giflib/bugs/159 • CWE-787: Out-of-bounds Write •