
oss-sec mailing list archives
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability.
From: Bernhard Rosenkränzer <bero () lindev ch>
Date: Wed, 09 Apr 2025 23:23:53 +0200
On Wednesday, April 09, 2025 23:11 CEST, Sebastian Pipping <sebastian () pipping org> wrote:
https://github.com/openwrt/packages/issues/26277
Except for https://sourceforge.net/p/giflib/bugs/179/, all the issues seem to be in gif2rgb, which is, according to the giflib maintainer, "old and crappy code", and TBH, other than as a no-dependency test tool for giflib, it is fairly useless (just use ImageMagick or a similar tool to do the gif to rgb conversion). Simply removing the gif2rgb tool is probably an acceptable solution.

ttyl
bero
Current thread:
- CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰 (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 07)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
- Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 09)