CVE-2016-3177

CWE-415 CWE-416 — Use After Free10 documents7 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 58.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Giflib Project Giflib

Timeline

PublishedJan 23

Latest updateMay 17

Description

Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debiangiflib< 5.1.4-0.1+3

▶NVDgiflib_project/giflib5.1.2

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-7594-89x5-4cr4: Multiple use-after-free and double-free vulnerabilities in gifcolor↗2022-05-17

▶

OSV

tomcat6, tomcat7 regression↗2017-02-02

▶

OSV

CVE-2016-3177: Multiple use-after-free and double-free vulnerabilities in gifcolor↗2017-01-23

▶

CVEList

CVE-2016-3177: Multiple use-after-free and double-free vulnerabilities in gifcolor↗2017-01-23

▶

📋Vendor Advisories

Red Hat

giflib: Use-after-free in gifcolor utility↗2016-03-15

▶

Debian

CVE-2016-3177: giflib - Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB ...↗2016

▶

💬Community

Bugzilla

CVE-2016-3177 mingw-giflib: giflib: Use-after-free in gifcolor utility [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-3177 giflib: Use-after-free in gifcolor utility [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-3177 giflib: Use-after-free in gifcolor utility↗2016-03-03

▶