CVE-2020-23922

CWE-125Out-of-bounds Read6 documents6 sources
Severity
7.1HIGH
EPSS
3.8%
top 11.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Giflib Project GiflibApache Bookkeeper
Timeline
PublishedApr 21
Latest updateMay 24

Description

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

Debiangiflib< 5.2.2-1+1
NVDapache/bookkeeper4.12.1

🔴Vulnerability Details

3
GHSA
GHSA-6xhw-5p38-q4xw: An issue was discovered in giflib through 52022-05-24
CVEList
CVE-2020-23922: An issue was discovered in giflib through 52021-04-21
OSV
CVE-2020-23922: An issue was discovered in giflib through 52021-04-21

📋Vendor Advisories

2
Red Hat
giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool2021-04-22
Debian
CVE-2020-23922: giflib - An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has...2020
CVE-2020-23922 (HIGH CVSS 7.1) | An issue was discovered in giflib t | cvebase.io