Описание
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
A security flaw related to buffer overflow has been identified in GifLib. This flaw allows a nearby attacker to access sensitive information through the DumpSCreen2RGB function in gif2rgb.c.
Отчет
The CVE-2023-48161 vulnerability in GifLib presents a Moderate severity issue rather than an Important one due to several factors. Firstly, while the vulnerability allows for a heap buffer overflow in the DumpScreen2RGB function of gif2rgb.c, exploitation requires specific conditions, such as handling a specially crafted GIF during the image-saving process. This limits the attack surface and reduces the likelihood of exploitation in typical usage scenarios. Additionally, the vulnerability does not grant immediate remote code execution or privilege escalation capabilities, further mitigating its severity. Furthermore, effective mitigation measures, such as implementing input validation and proper error handling, can reduce the risk of exploitation. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Secure baseline configurations provide a strong foundation for maintaining a secure and resilient environment. Rigorous testing and development practices (SAST, DAST, etc.) identify and address memory vulnerabilities before they are promoted to Red Hat production platforms, and the malicious code protection used further mitigates impacts by detecting, blocking, and responding to exploitation attempts. The platform uses OS versions that inherit certain security tools and features from RHEL that are enabled by default, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation minimizes the attack surface by disabling unauthorized services and ports and containing any corruption within the originating process, preventing it from affecting other processes or the system as a whole.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of OpenJDK 11 | java-11-openjdk-portable | Will not fix | ||
| Red Hat build of OpenJDK 11 | java-17-openjdk-portable | Affected | ||
| Red Hat build of OpenJDK 11 | java-1.8.0-openjdk-portable | Will not fix | ||
| Red Hat build of OpenJDK 17 | java-11-openjdk-portable | Affected | ||
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Not affected | ||
| Red Hat build of OpenJDK 17 | java-1.8.0-openjdk-portable | Affected | ||
| Red Hat build of OpenJDK 1.8 | java-11-openjdk-portable | Will not fix | ||
| Red Hat build of OpenJDK 1.8 | java-17-openjdk-portable | Will not fix | ||
| Red Hat build of OpenJDK 1.8 | java-1.8.0-openjdk-portable | Will not fix | ||
| Red Hat Enterprise Linux 6 | giflib | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows ...
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
EPSS
7.1 High
CVSS3