Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-11490

Опубликовано: 23 мая 2018
Источник: redhat
CVSS3: 3.3

Описание

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Отчет

This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 5, 6, an 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5giflibNot affected
Red Hat Enterprise Linux 6giflibNot affected
Red Hat Enterprise Linux 7giflibNot affected
Red Hat Enterprise Linux 8giflibNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational ToolsphantomjsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1583400giflib: heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-11490

CVSS3: 8.8
ubuntu
больше 7 лет назад

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

nvd логотип

CVE-2018-11490

CVSS3: 8.8
nvd
больше 7 лет назад

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

debian логотип

CVE-2018-11490

CVSS3: 8.8
debian
больше 7 лет назад

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...

github логотип

GHSA-5fjm-57qj-h2pj

CVSS3: 8.8
github
больше 3 лет назад

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

fstec логотип

BDU:2022-05750

CVSS3: 8.8
fstec
больше 7 лет назад

Уязвимость функции DGifDecompressLine компонента dgif_lib.c библиотеки для работы с GIF файлами GIFLIB, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

3.3 Low

CVSS3