Lucene search

Veracode Vulnerability DatabaseVERACODE:37806

HistoryNov 03, 2022 - 12:08 p.m.

Buffer Overflow

2022-11-0312:08:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

36.1%

JSON

giflib is vulnerable to heap-based buffer overflow. The vulnerability exists in function DumpScreen2RGB() in gif2rgb.c which allows an attacker to cause a buffer overflow.

CPENameOperatorVersion
giflib:edgeeq5.2.1-r0
giflib:edgeeq5.2.1-r1
giflib:edgeeq5.2.1-r0
giflib:edgeeq5.2.1-r1
giflib:3.17eq5.2.1-r1

Name	Operator	Version
giflib:edge	eq	5.2.1-r0
giflib:edge	eq	5.2.1-r1
giflib:edge	eq	5.2.1-r0
giflib:edge	eq	5.2.1-r1
giflib:3.17	eq	5.2.1-r1

References

github.com/verf1sh/Poc/blob/master/asan_report_giflib.png

github.com/verf1sh/Poc/blob/master/giflib_poc

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG/

lists.fedoraproject.org/archives/list/[email protected]/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/

lists.fedoraproject.org/archives/list/[email protected]/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG/

secdb.alpinelinux.org/edge/main.yaml

sourceforge.net/p/giflib/bugs/159/

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for VERACODE:37806