-------------------------------------------------------------------------
Debian LTS Advisory DLA-3223-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Helmut Grohne
December 05, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : giflib
Version        : 5.1.4-3+deb10u1
CVE ID         : CVE-2018-11490 CVE-2019-15133
Debian Bug     : 904114

This update fixes two file format vulnerabilities in giflib.

CVE-2018-11490

    The DGifDecompressLine function in dgif_lib.c, as later shipped in
    cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a
    certain "Private->RunningCode - 2" array index is not checked. This
    will lead to a denial of service or possibly unspecified other impact.

CVE-2019-15133

    A malformed GIF file triggers a divide-by-zero exception in the
    decoder function DGifSlurp in dgif_lib.c if the height field of the
    ImageSize data structure is equal to zero.

For Debian 10 buster, these problems have been fixed in version
5.1.4-3+deb10u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/giflib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
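A defensive pre-decode check for the zero-height case described under CVE-2019-15133, added here as an example and not part of the advisory or of giflib itself: it walks a GIF stream to its first Image Descriptor and rejects a zero width or height field before any decoder arithmetic can use it (it does not address the LZW code-index check from CVE-2018-11490). The helper names, result codes and sample byte strings are constructed for this example and assume nothing beyond the public GIF89a layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Result codes of the pre-decode check (hypothetical helper, not giflib's API). */
enum gif_check { GIF_OK = 0, GIF_TOO_SHORT, GIF_BAD_MAGIC, GIF_NO_IMAGE, GIF_ZERO_DIM };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk a GIF to its first Image Descriptor (0x2C): 6-byte header, 7-byte Logical
   Screen Descriptor, optional Global Color Table, then any extension blocks.
   A zero width or height field is rejected here, before decoder arithmetic
   could divide by it (the CVE-2019-15133 failure mode). */
enum gif_check gif_precheck(const uint8_t *buf, size_t len, uint16_t *w, uint16_t *h)
{
    if (len < 13) return GIF_TOO_SHORT;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0) return GIF_BAD_MAGIC;
    uint8_t lsd_packed = buf[10];               /* packed flags byte of the LSD */
    size_t pos = 13;
    if (lsd_packed & 0x80) {                    /* Global Color Table follows the LSD */
        size_t gct = 3u * (1u << ((lsd_packed & 0x07) + 1));
        if (len - pos < gct) return GIF_TOO_SHORT;
        pos += gct;
    }
    while (pos < len) {
        uint8_t sep = buf[pos++];
        if (sep == 0x2C) {                      /* Image Descriptor: 9 bytes follow */
            if (len - pos < 9) return GIF_TOO_SHORT;
            *w = rd16(buf + pos + 4);
            *h = rd16(buf + pos + 6);
            return (*w == 0 || *h == 0) ? GIF_ZERO_DIM : GIF_OK;
        }
        if (sep != 0x21) return GIF_NO_IMAGE;   /* trailer (0x3B) or garbage */
        pos++;                                  /* extension label byte */
        while (pos < len && buf[pos] != 0) {    /* skip data sub-blocks */
            size_t sz = buf[pos] + 1u;          /* length byte plus payload */
            if (len - pos < sz) return GIF_TOO_SHORT;
            pos += sz;
        }
        if (pos >= len) return GIF_TOO_SHORT;
        pos++;                                  /* sub-block terminator */
    }
    return GIF_NO_IMAGE;
}
/* Constructed samples: a 2x2 GIF89a, and the same bytes with the height field set to 0. */
static const uint8_t GIF_2X2[] = { 'G','I','F','8','9','a', 2,0, 2,0, 0,0,0,  0x2C, 0,0, 0,0, 2,0, 2,0, 0 };
static const uint8_t GIF_H0[]  = { 'G','I','F','8','9','a', 2,0, 2,0, 0,0,0,  0x2C, 0,0, 0,0, 2,0, 0,0, 0 };
enum gif_check check_sample_2x2(void) { uint16_t w, h; return gif_precheck(GIF_2X2, sizeof GIF_2X2, &w, &h); }
enum gif_check check_sample_h0(void)  { uint16_t w, h; return gif_precheck(GIF_H0, sizeof GIF_H0, &w, &h); }
```

Running the check ahead of the real decoder lets a file with a zero-sized image be refused at the parsing boundary instead of reaching the arithmetic that the advisory describes.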