CVE-2020-23922
published 2021-04-21

CVE-2020-23922: An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

Priority: P426 (high)
CVSS 3.1 base score: 7.1
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 2.23% (80.5th percentile)

Affected

5 ranges

Vendor         | Product    | Version range              | Fixed in
---------------|------------|----------------------------|------------------------
apache         | bookkeeper |                            |
debian         | giflib     | < giflib 5.2.2-1 (forky)   | giflib 5.2.2-1 (forky)
giflib_project | giflib     | <= 5.1.4                   |
giflib_project | giflib     | >= 0, < 5.2.2-1            | 5.2.2-1
giflib_project | giflib     | >= 0, < 5.2.2-1            | 5.2.2-1

CVSS provenance

Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|------------------------------------------------
nvd           | v3.1    | 7.1   | HIGH     | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd           | v2.0    | 5.8   | MEDIUM   | AV:N/AC:M/Au:N/C:P/I:N/A:P
osv           |         | 7.1   | HIGH     |
vendor_debian |         | 7.1   | LOW      |
vendor_redhat |         | 7.1   | HIGH     |