oss-sec mailing list archives
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability.
From: Bernhard Rosenkränzer <bero () lindev ch>
Date: Mon, 07 Apr 2025 21:50:30 +0200
On Monday, April 07, 2025 15:15 CEST, 李亚杰 <liyajie () openeuler sh> wrote:
Affected Versions: - giflib 5.2.2 and below Description: In the function DumpScreen2RGB of the giflib software, an attempt is made to access the color map through ColorMapEntry. The size of ColorMap is 6 bytes (from 0x602000000030 to 0x602000000036). However, when accessing ColorMap->Colors[GifRow[j]], the value of GifRow[j] exceeds the actual number of colors stored.
Thanks for the disclosure. Since there doesn't seem to be a proposed patch yet, here's mine: https://github.com/OpenMandrivaAssociation/giflib/blob/master/giflib-5.2.2-cve-2025-31344.patch ttyl bero
Current thread:
- CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰 (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 09)