Lucene search

Gentoo FoundationMGASA-2018-0280

HistoryJun 14, 2018 - 9:14 p.m.

Updated gifsicle package fixes security vulnerability

2018-06-1421:14:36

Gentoo Foundation

advisories.mageia.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

Updated gifsicle package fixes security vulnerability: A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled (CVE-2017-18120).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchgifsicle< 1.88-1.2gifsicle-1.88-1.2.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	gifsicle	< 1.88-1.2	gifsicle-1.88-1.2.mga6

References

bugs.mageia.org/show_bug.cgi?id=23134

lists.fedoraproject.org/archives/list/[email protected]/thread/BGGLSEKCDM2OZ67XRI7KOASI4G7PRUX2/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

Related for MGASA-2018-0280