
[SECURITY] [DLA 3223-1] giflib security update

Debian LTS Advisory DLA-3223-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Helmut Grohne
December 05, 2022                             https://wiki.debian.org/LTS

Package        : giflib
Version        : 5.1.4-3+deb10u1
CVE ID         : CVE-2018-11490 CVE-2019-15133
Debian Bug     : 904114

This update fixes two file format vulnerabilities in giflib.

CVE-2018-11490

    The DGifDecompressLine function in dgif_lib.c, as later shipped in
    cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a
    certain "Private->RunningCode - 2" array index is not checked.  This
    will lead to a denial of service or possibly unspecified other

CVE-2019-15133

    A malformed GIF file triggers a divide-by-zero exception in the
    decoder function DGifSlurp in dgif_lib.c if the height field of the
    ImageSize data structure is equal to zero.
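The second issue is a missing sanity check on the image descriptor. As an added illustration (not giflib's code), the following parser reads a GIF89a image descriptor and rejects a zero width or height, or an image that does not fit the logical screen, before any size arithmetic or per-row loop can run on it. The field layout is the GIF89a image descriptor; the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GIF89a image descriptor: separator byte 0x2C, four little-endian uint16
 * fields (left, top, width, height), then one packed flags byte. */
#define GIF_IMAGE_DESC_LEN 10

typedef struct {
    uint16_t left, top, width, height;
    uint8_t packed;
} gif_image_desc;

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Parse one image descriptor and validate it against the logical screen.
 * Returns 0 on success, -1 if the bytes are malformed, if width or height
 * is zero, or if the image would extend past the screen. Rejecting here
 * means later row loops and size computations never see a zero dimension.
 * out may be NULL when only validation is wanted. */
int gif_parse_image_desc(const uint8_t *buf, size_t len,
                         uint16_t screen_w, uint16_t screen_h,
                         gif_image_desc *out)
{
    gif_image_desc d;
    if (buf == NULL || len < GIF_IMAGE_DESC_LEN || buf[0] != 0x2C)
        return -1;
    d.left   = rd_le16(buf + 1);
    d.top    = rd_le16(buf + 3);
    d.width  = rd_le16(buf + 5);
    d.height = rd_le16(buf + 7);
    d.packed = buf[9];
    if (d.width == 0 || d.height == 0)
        return -1;
    /* 32-bit sums so left + width cannot wrap around in uint16. */
    if ((uint32_t)d.left + d.width > screen_w ||
        (uint32_t)d.top + d.height > screen_h)
        return -1;
    if (out != NULL)
        *out = d;
    return 0;
}

/* Constructed samples: a 4x2 image at the origin, and the same descriptor
 * with its height field set to zero. */
static const uint8_t ok_desc[GIF_IMAGE_DESC_LEN]     = {0x2C, 0,0, 0,0, 4,0, 2,0, 0};
static const uint8_t zero_h_desc[GIF_IMAGE_DESC_LEN] = {0x2C, 0,0, 0,0, 4,0, 0,0, 0};

int main(void)
{
    printf("4x2 image:   %s\n", gif_parse_image_desc(ok_desc, sizeof ok_desc, 4, 2, NULL) == 0 ? "accepted" : "rejected");
    printf("height == 0: %s\n", gif_parse_image_desc(zero_h_desc, sizeof zero_h_desc, 4, 2, NULL) == 0 ? "accepted" : "rejected");
    return 0;
}
```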

For Debian 10 buster, these problems have been fixed in version
5.1.4-3+deb10u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
