Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6824-1

Ubuntu Security Notice 6824-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6824-1
June 10, 2024

giflib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in giflib.

Software Description:

  • giflib: library for GIF images (utilities)

Details:

It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-40633, CVE-2022-28506, CVE-2023-39742)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
giflib-tools 5.2.1-2.5ubuntu0.1

Ubuntu 22.04 LTS
giflib-tools 5.1.9-2ubuntu0.1

Ubuntu 20.04 LTS
giflib-tools 5.1.9-1ubuntu0.1

Ubuntu 18.04 LTS
giflib-tools 5.1.4-2ubuntu0.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
giflib-tools 5.1.4-0.3~16.04.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6824-1
CVE-2021-40633, CVE-2022-28506, CVE-2023-39742

Package Information:
https://launchpad.net/ubuntu/+source/giflib/5.2.1-2.5ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.9-2ubuntu0.1
https://launchpad.net/ubuntu/+source/giflib/5.1.9-1ubuntu0.1

Related news

CVE-2023-48161: GIFLIB / Bugs / #167 Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

CVE-2023-39742: Notify CVE about a publication

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

CVE-2021-40633: GIFLIB / Bugs / #157 An OutofMemory-Exception or Memory Leak in gif2rgb

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

CVE-2022-28506: GIFLIB / Bugs / #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution