ELA-751-1 giflib security update

Debian 9936 Published by

A giflib security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address two file format vulnerabilities.



ELA-751-1 giflib security update

Package : giflib
Version : 4.1.6-11+deb8u2 (jessie), 5.1.4-0.4+deb9u1 (stretch)

Related CVEs :
CVE-2016-3977
CVE-2018-11490
CVE-2019-15133

This update fixes two file format vulnerabilities in giflib and one in the gif2rgb utility.

CVE-2016-3977
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file

CVE-2018-11490
The DGifDecompressLine function in dgif_lib.c, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

CVE-2019-15133
A malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

  ELA-751-1 giflib security update

USN-5760-1: libxml2 vulnerabilities

Top 10 Best Mini PCs Of The Year and more

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...