Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-28506
HistoryApr 25, 2022 - 12:00 a.m.

CVE-2022-28506

2022-04-2500:00:00
ubuntu.com
ubuntu.com
35

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.0%

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB()
in gif2rgb.c:298:45.

Bugs

Notes

Author Note
mdeslaur invalid read of size 1, denial of service only
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchgiflib< 5.1.4-2ubuntu0.1+esm1UNKNOWN
ubuntu20.04noarchgiflib< 5.1.9-1ubuntu0.1UNKNOWN
ubuntu22.04noarchgiflib< 5.1.9-2ubuntu0.1UNKNOWN
ubuntu23.10noarchgiflib< 5.2.1-2.5ubuntu0.1UNKNOWN
ubuntu16.04noarchgiflib< 5.1.4-0.3~16.04.1+esm1UNKNOWN

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.0%