CVE-2016-3977

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow10 documents8 sources

Severity

5.5MEDIUM

EPSS

1.0%

top 23.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Giflib Project Giflib Opensuse Opensuse

Timeline

PublishedApr 21

Latest updateMay 14

Description

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Debiangiflib< 5.1.4-3+3

▶Ubuntugiflib< 5.1.4-0.3~16.04.1+1

▶NVDgiflib_project/giflib5.1.2

▶NVDopensuse/opensuse13.2

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-f9f6-3pmf-963r: Heap-based buffer overflow in util/gif2rgb↗2022-05-14

▶

OSV

giflib vulnerabilities↗2019-08-20

▶

CVEList

CVE-2016-3977: Heap-based buffer overflow in util/gif2rgb↗2016-04-21

▶

OSV

CVE-2016-3977: Heap-based buffer overflow in util/gif2rgb↗2016-04-21

▶

📋Vendor Advisories

Ubuntu

GIFLIB vulnerabilities↗2019-08-20

▶

Red Hat

giflib: heap buffer overflow in gif2rgb↗2016-04-04

▶

Debian

CVE-2016-3977: giflib - Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows r...↗2016

▶

💬Community

Bugzilla

CVE-2016-3977 giflib: heap buffer overflow in gif2rgb↗2016-04-11

▶

Bugzilla

CVE-2016-3977 giflib: heap buffer overflow in gif2rgb [fedora-all]↗2016-04-11

▶