CVE-2019-15133

Published: 17 August 2019

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: giflib

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Released (5.1.4-2ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus): Released (5.1.4-0.3~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/