CVE-2022-28506

Published: 25 April 2022

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

Notes

Author | Note
mdeslaur | invalid read of size 1, denial of service only
ccdm94 | as of 2022-06-22 there seems to be a proposed patch; however, it has yet to be merged by upstream. It also looks like the proposed patch was not created by upstream.

Priority

Low

CVSS 3 base score: 8.8

Status

Package | Release | Status
giflib (Launchpad, Ubuntu, Debian) | bionic | Deferred (2022-06-22)
giflib | focal | Deferred (2022-06-22)
giflib | impish | Ignored (reached end-of-life)
giflib | jammy | Deferred (2022-06-22)
giflib | upstream | Needed
giflib | xenial | Deferred (2022-06-22)