Buffer Overflow

2024-03-2020:48:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

giflib project

buffer overflow

vulnerability

dumpscreen2rgb

gif2rgb.c

local attacker

sensitive information

inadequate input validation

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

GifLib Project GifLib v.5.2.1 is vulnerable to a Buffer Overflow Vulnerability. The vulnerability is due to inadequate input validation in the DumpSCreen2RGB function within gif2rgb.c, which could be exploited by a local attacker to access sensitive information.

CPENameOperatorVersion
giflib:edgeeq5.2.1-r5
giflib:edgeeq5.2.1-r2
giflib:edgeeq5.2.1-r4
giflib:edgeeq5.2.1-r1
giflib:edgeeq5.2.1-r0
giflib:edgeeq5.2.1-r3
giflib:edgeeq5.2.1-r5
giflib:edgeeq5.2.1-r2
giflib:edgeeq5.2.1-r4
giflib:edgeeq5.2.1-r1

Name	Operator	Version
giflib:edge	eq	5.2.1-r5
giflib:edge	eq	5.2.1-r2
giflib:edge	eq	5.2.1-r4
giflib:edge	eq	5.2.1-r1
giflib:edge	eq	5.2.1-r0
giflib:edge	eq	5.2.1-r3
giflib:edge	eq	5.2.1-r5
giflib:edge	eq	5.2.1-r2
giflib:edge	eq	5.2.1-r4
giflib:edge	eq	5.2.1-r1