CVE-2016-3977

Published: 21 April 2016

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: giflib (Launchpad, Ubuntu, Debian)

Release   Status
artful    Ignored (reached end-of-life)
bionic    Released (5.1.4-2ubuntu0.1)
cosmic    Ignored (reached end-of-life)
disco     Not vulnerable (5.1.4-3)
precise   Does not exist (precise was needs-triage)
trusty    Does not exist (trusty was needed)
upstream  Needs triage
wily      Ignored (reached end-of-life)
xenial    Not vulnerable (5.1.4-0.3)
yakkety   Ignored (reached end-of-life)
zesty     Ignored (reached end-of-life)

Notes

Author    Note
sbeattie  out of bounds read
mdeslaur  looks like this was fixed in 5.1.4-0.3 but then the patch got dropped again in 5.1.4-0.4 although it's still needed, contrary to the note in the changelog

References

Bugs