CVE-2025-31344

Published: 14 Apr 2025
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

A flaw was found in the gif2rgb utility of giflib. This vulnerability allows an attacker to cause a heap-based buffer overflow via crafted GIF files. The issue arises due to improper handling of certain GIF image data, leading to memory corruption.

Report

java-*-openjdk-headless packages do not contain libawt.so, hence are not affected.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat build of OpenJDK 11 | java-11-openjdk-portable | Not affected | | |
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Not affected | | |
| Red Hat build of OpenJDK 1.8 | java-1.8.0-openjdk-portable | Not affected | | |
| Red Hat build of OpenJDK 21 | java-21-openjdk-portable | Not affected | | |
| Red Hat Enterprise Linux 10 | giflib | Fix deferred | | |
| Red Hat Enterprise Linux 10 | java-21-openjdk | Not affected | | |
| Red Hat Enterprise Linux 6 | giflib | Fix deferred | | |
| Red Hat Enterprise Linux 7 | giflib | Fix deferred | | |
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Not affected | | |
| Red Hat Enterprise Linux 8 | giflib | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2359418 (giflib: The giflib open-source component has a buffer overflow vulnerability)

EPSS

Percentile: 31%
0.0012
Low

CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.3
ubuntu
12 months ago

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

CVSS3: 7.3
nvd
12 months ago

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

CVSS3: 7.3
msrc
12 months ago

The giflib open-source component has a buffer overflow vulnerability

CVSS3: 7.3
debian
12 months ago

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. ...

suse-cvrf
12 months ago

Security update for giflib