
Debian 10: DLA-3223-1 Critical: giflib Buffer Overflow and DoS Risk

Debian LTS advisory, published December 5, 2022
This Debian LTS update, DLA-3223-1, fixes two file-format vulnerabilities in giflib: a heap-based buffer overflow and a divide-by-zero denial of service, both triggered by malformed GIF files.

Summary

CVE-2018-11490

The DGifDecompressLine function in dgif_lib.c, as later shipped in
cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a
certain "Private->RunningCode - 2" array index is not checked. This
will lead to a denial of service or possibly unspecified other
impact.

CVE-2019-15133

A malformed GIF file triggers a divide-by-zero exception in the
decoder function DGifSlurp in dgif_lib.c if the height field of the
ImageSize data structure is equal to zero.
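Both issues come down to trusting values read from the GIF file before using them as an array index or a divisor. The following added example (not giflib's own code) shows the two defensive checks a decoder needs: a parser for the 10-byte GIF Image Descriptor that rejects a zero width or height before any per-row arithmetic, and a bounds-checked store into an LZW prefix table so a file-derived `RunningCode - 2` index can never run past the table. The `MAX_PIXELS` ceiling and the function names are assumptions for this example, not giflib identifiers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* GIF Image Descriptor: separator 0x2C, then Left, Top, Width, Height
 * (each little-endian uint16), then one packed flags byte: 10 bytes. */
#define GIF_IMAGE_DESC_LEN 10
#define GIF_IMAGE_SEPARATOR 0x2C
/* Constructed ceiling for this example: cap the pixel count so a later
 * buffer allocation of width*height*bpp cannot overflow. */
#define MAX_PIXELS (1u << 26)

typedef struct {
    uint16_t left, top, width, height;
    uint8_t  packed;
} gif_image_desc;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse and validate a descriptor. Returns 0 on success, negative on error.
 * Zero width or height is rejected here, so code that later divides by the
 * height (the CVE-2019-15133 pattern) never sees a zero divisor. */
int gif_parse_image_desc(const uint8_t *buf, size_t len,
                         gif_image_desc *out, size_t *pixels)
{
    if (buf == NULL || out == NULL || pixels == NULL) return -1;
    if (len < GIF_IMAGE_DESC_LEN) return -2;            /* truncated block */
    if (buf[0] != GIF_IMAGE_SEPARATOR) return -3;       /* not an image block */
    out->left   = le16(buf + 1);
    out->top    = le16(buf + 3);
    out->width  = le16(buf + 5);
    out->height = le16(buf + 7);
    out->packed = buf[9];
    if (out->width == 0 || out->height == 0) return -4; /* zero-size frame */
    /* 65535 * 65535 still fits in uint32_t, so this product cannot wrap. */
    uint32_t n = (uint32_t)out->width * (uint32_t)out->height;
    if (n > MAX_PIXELS) return -5;
    *pixels = n;
    return 0;
}

/* Bounds-checked store into an LZW prefix table of table_len entries.
 * CVE-2018-11490 was an unchecked "RunningCode - 2" index; this helper
 * refuses the write instead of trusting a code derived from the file. */
bool lzw_table_put(uint16_t *table, size_t table_len, int running_code, uint16_t value)
{
    long idx = (long)running_code - 2;
    if (table == NULL || idx < 0 || (size_t)idx >= table_len) return false;
    table[idx] = value;
    return true;
}
```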

For Debian 10 buster, these problems have been fixed in version
5.1.4-3+deb10u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib, please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/giflib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: critical

Package: giflib
Version: 5.1.4-3+deb10u1
CVE ID: CVE-2018-11490 CVE-2019-15133
Debian Bug: 904114
