Description
Security update for giflib
This update for giflib fixes the following issues:
- CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine() (bsc#1094832)
- CVE-2021-40633: Fixed a denial of service from excessive memory (bsc#1200551)
Package list
SUSE Linux Enterprise Server 12 SP5
giflib-progs-5.0.5-13.3.1
libgif6-5.0.5-13.3.1
libgif6-32bit-5.0.5-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
giflib-progs-5.0.5-13.3.1
libgif6-5.0.5-13.3.1
libgif6-32bit-5.0.5-13.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
giflib-devel-5.0.5-13.3.1
References
- Link for SUSE-SU-2024:1622-1
- E-Mail link for SUSE-SU-2024:1622-1
- SUSE Security Ratings
- SUSE Bug 1094832
- SUSE Bug 1200551
- SUSE CVE CVE-2018-11490 page
- SUSE CVE CVE-2021-40633 page
Description
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
Affected products
SUSE Linux Enterprise Server 12 SP5:giflib-progs-5.0.5-13.3.1
SUSE Linux Enterprise Server 12 SP5:libgif6-32bit-5.0.5-13.3.1
SUSE Linux Enterprise Server 12 SP5:libgif6-5.0.5-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:giflib-progs-5.0.5-13.3.1
References
- CVE-2018-11490
- SUSE Bug 1094832
Description
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out-of-memory exception or denial of service via a GIF format file.
Affected products
SUSE Linux Enterprise Server 12 SP5:giflib-progs-5.0.5-13.3.1
SUSE Linux Enterprise Server 12 SP5:libgif6-32bit-5.0.5-13.3.1
SUSE Linux Enterprise Server 12 SP5:libgif6-5.0.5-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:giflib-progs-5.0.5-13.3.1
References
- CVE-2021-40633
- SUSE Bug 1200551