ROSA LABROSA-SA-2021-1842Advisory ROSA-SA-2021-1842
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
59.9%
Software: giflib 4.1.6
OS: Cobalt 7.9
CVE-ID: CVE-2015-7555
CVE-Crit: MEDIUM
CVE-DESC: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via the created image and logical screen width fields in a GIF file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-15133
CVE-Crit: MEDIUM
CVE-DESC: In GIFLIB before 2/16/2019, a garbled GIF file causes a divide-by-zero exception in the DGifSlurp decoder function in dgif_lib.c if the ImageSize data structure height field is zero.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-23922
CVE-Crit: HIGH
CVE-DESC: problem was discovered in giflib via 5.1.4. DumpScreen2RGB in gif2rgb.c has an excessive heap-based buffer read.
CVE-STATUS: default
CVE-REV: default
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
59.9%