Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2
allows remote attackers to cause a denial of service (application crash)
via the background color index in a GIF file.
Author | Note |
---|---|
sbeattie | out of bounds read |
mdeslaur | looks like this was fixed in 5.1.4-0.3 but then the patch got dropped again in 5.1.4-0.4 although it’s still needed, contrary to the note in the changelog |