CVE-2022-28506

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

Ссылки

https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png
Exploit
Third Party Advisory
https://github.com/verf1sh/Poc/blob/master/giflib_poc
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG/
https://sourceforge.net/p/giflib/bugs/159/
Exploit
Third Party Advisory
https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png
Exploit
Third Party Advisory
https://github.com/verf1sh/Poc/blob/master/giflib_poc
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4CJSHXBD2RS5OJNWSHQZVMTQCCTIPYS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEAFUZXOOJJVFYRQM6IIJ7LMLEKCCESG/
https://sourceforge.net/p/giflib/bugs/159/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:giflib_project:giflib:5.2.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2022-28506

CVSS3: 5.5

ubuntu

больше 3 лет назад

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

CVE-2022-28506

CVSS3: 5.5

redhat

больше 3 лет назад

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

CVE-2022-28506

CVSS3: 5.5

msrc

10 месяцев назад

Описание отсутствует

CVE-2022-28506

CVSS3: 5.5

debian

больше 3 лет назад

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...

GHSA-x77v-4m7v-7fgv

CVSS3: 8.8

github

больше 3 лет назад

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

EPSS

Процентиль: 19%

0.00059

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787