cbcvebase.
CVE-2005-3350
published 2005-11-04

CVE-2005-3350: libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds…

PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
4.42%
90.1th percentile
libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.

Affected

7 ranges
VendorProductVersion rangeFixed in
debiangiflib< giflib 4.1.4-1 (bookworm)giflib 4.1.4-1 (bookworm)
giflib_projectgiflib>= 0 < 4.1.4-14.1.4-1
giflib_projectgiflib>= 0 < 4.1.4-14.1.4-1
giflib_projectgiflib>= 0 < 4.1.4-14.1.4-1
giflib_projectgiflib>= 0 < 4.1.4-14.1.4-1
libungiflibungif<= 4.1
libungiflibungif

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.