Debian Security Advisory
DLA-3223-1 giflib -- LTS security update
- Date Reported:
- 05 Dec 2022
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 904114.
In Mitre's CVE dictionary: CVE-2018-11490, CVE-2019-15133.
- More information:
This update fixes two file format vulnerabilities in giflib.
dgif_lib.c, as later shipped in
cgif.cin sam2p 0.49.4, has a heap-based buffer overflow because a certain "
Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
A malformed GIF file triggers a divide-by-zero exception in the decoder function
heightfield of the
ImageSizedata structure is equal to zero.
For Debian 10 buster, these problems have been fixed in version 5.1.4-3+deb10u1.
We recommend that you upgrade your giflib packages.
For the detailed security status of giflib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/giflib
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS