CVE-2019-15133
Published 2019-08-17
Priority: P426 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
1.54%
71.8th percentile
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | giflib | < giflib 5.1.9-1 (bookworm) | giflib 5.1.9-1 (bookworm) |
| giflib_project | giflib | < 5.1.7 | 5.1.7 |
| giflib_project | giflib | >= 0 < 5.1.9-1 | 5.1.9-1 |
| giflib_project | giflib | >= 0 < 5.1.9-1 | 5.1.9-1 |
| giflib_project | giflib | >= 0 < 5.1.9-1 | 5.1.9-1 |
| giflib_project | giflib | >= 0 < 5.1.9-1 | 5.1.9-1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1 | 5.1.4-0.3~16.04.1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1 | 5.1.4-2ubuntu0.1 |
CVSS provenance
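| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |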
Ubuntu
GIFLIB vulnerabilities
vendor_ubuntu·2019-08-20·CVSS 5.5
CVE-2016-3977 [MEDIUM] GIFLIB vulnerabilities
Title: GIFLIB vulnerabilities
Summary: Several security issues were fixed in GIFLIB.
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-11490, CVE-2019-15133)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c
vendor_redhat·2019-08-17·CVSS 6.5
CVE-2019-15133 [MEDIUM] CWE-369 giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
Package: phantomjs (Red Hat Ceph Storage 2) - Not affected
Package: phantomjs (Red Hat Ceph Storage 3) - Not affected
Package: giflib (Red Hat Enterprise Linux 5) - Not affected
Package: giflib (Red Hat Enterprise Linux 6) - Not affected
Package: giflib (Red Hat Enterprise Linux 7) - Not affected
Package: giflib (Red Hat Enterprise Linux 8) - Not affected
Package: phantomjs (Red Hat Storage 3) - Not affected
Debian
CVE-2019-15133: giflib - In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exce...
vendor_debian·2019·CVSS 6.5
CVE-2019-15133 [MEDIUM] CVE-2019-15133: giflib - In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exce...
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
Scope: local
bookworm: resolved (fixed in 5.1.9-1)
bullseye: resolved (fixed in 5.1.9-1)
forky: resolved (fixed in 5.1.9-1)
sid: resolved (fixed in 5.1.9-1)
trixie: resolved (fixed in 5.1.9-1)
GHSA
GHSA-fhp4-279c-9rhq: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib
ghsa_unreviewed·2022-05-24
CVE-2019-15133 [MEDIUM] CWE-369 GHSA-fhp4-279c-9rhq: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
OSV
giflib vulnerabilities
osv·2019-08-20·CVSS 5.5
CVE-2016-3977 [MEDIUM] giflib vulnerabilities
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977)
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-11490, CVE-2019-15133)
OSV
CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib
osv·2019-08-17·CVSS 6.5
CVE-2019-15133 [MEDIUM] CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-15133 mingw-giflib: giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c [fedora-all]
bugzilla·2019-11-12·CVSS 6.5
CVE-2019-15133 [MEDIUM] CVE-2019-15133 mingw-giflib: giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: t
Bugzilla
CVE-2019-15133 giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c [fedora-all]
bugzilla·2019-11-12·CVSS 6.5
CVE-2019-15133 [MEDIUM] CVE-2019-15133 giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
Bugzilla
CVE-2019-15133 giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c
bugzilla·2019-11-12·CVSS 6.5
CVE-2019-15133 [MEDIUM] CVE-2019-15133 giflib: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c
A vulnerability was found in GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
Reference:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008
Discussion:
Created giflib tracking bugs for this issue:
Affects: fedora-all [bug 1771311]
Created mingw-giflib tracking bugs for this issue:
Affects: fedora-all [bug 1771312]
---
Patch:
https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access
arXiv
Threat Assessment in Machine Learning based Systems
arxiv_fulltext·2022-06-30
Lionel Nganyewou Tidjon and Foutse Khomh, Senior Member, IEEE
The authors are with Polytechnique Montréal, Montréal, QC H3C 3A7, Canada.
E-mail: {lionel.tidjon, foutse.khomh}@polymtl.ca
## Abstract
Machine learning is a field of artificial intelligence (AI) that is becoming essential for several critical systems, making it a good target for threat actors. Threat actors exploit different Tactics, Techniques, and Procedures (TTPs) against the confidentiality, integrity, and availability of Machine Learning (ML) systems.
During the ML
cycle, they exploit adversarial TTPs to poison data and fool ML-based systems. In recent years, multiple security practices have been proposed for traditional systems but they are not enough to cope with th
References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008
https://lists.debian.org/debian-lts-announce/2022/12/msg00008.html
https://usn.ubuntu.com/4107-1/