Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-48161

Опубликовано: 22 нояб. 2023
Источник: redhat
CVSS3: 7.1
EPSS Низкий

Описание

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

A security flaw related to buffer overflow has been identified in GifLib. This flaw allows a nearby attacker to access sensitive information through the DumpSCreen2RGB function in gif2rgb.c.

Отчет

The CVE-2023-48161 vulnerability in GifLib presents a Moderate severity issue rather than an Important one due to several factors. Firstly, while the vulnerability allows for a heap buffer overflow in the DumpScreen2RGB function of gif2rgb.c, exploitation requires specific conditions, such as handling a specially crafted GIF during the image-saving process. This limits the attack surface and reduces the likelihood of exploitation in typical usage scenarios. Additionally, the vulnerability does not grant immediate remote code execution or privilege escalation capabilities, further mitigating its severity. Furthermore, effective mitigation measures, such as implementing input validation and proper error handling, can reduce the risk of exploitation.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of OpenJDK 11java-11-openjdk-portableWill not fix
Red Hat build of OpenJDK 11java-17-openjdk-portableAffected
Red Hat build of OpenJDK 11java-1.8.0-openjdk-portableWill not fix
Red Hat build of OpenJDK 17java-11-openjdk-portableAffected
Red Hat build of OpenJDK 17java-17-openjdk-portableNot affected
Red Hat build of OpenJDK 17java-1.8.0-openjdk-portableAffected
Red Hat build of OpenJDK 1.8java-11-openjdk-portableWill not fix
Red Hat build of OpenJDK 1.8java-17-openjdk-portableWill not fix
Red Hat build of OpenJDK 1.8java-1.8.0-openjdk-portableWill not fix
Red Hat Enterprise Linux 6giflibOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2251025giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function

EPSS

Процентиль: 7%
0.00026
Низкий

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-48161

CVSS3: 7.1
ubuntu
больше 2 лет назад

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

nvd логотип

CVE-2023-48161

CVSS3: 7.1
nvd
больше 2 лет назад

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

msrc логотип

CVE-2023-48161

CVSS3: 7.1
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-48161

CVSS3: 7.1
debian
больше 2 лет назад

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows ...

github логотип

GHSA-rgc3-xv9w-g763

CVSS3: 7.1
github
больше 2 лет назад

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

EPSS

Процентиль: 7%
0.00026
Низкий

7.1 High

CVSS3