CVE-2020-23922
CVE-2020-23922: An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.
Published: 2021-04-21
Priority: P4 · 26 · high · 7.1 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 2.23% (80.5th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | bookkeeper | — | — |
| debian | giflib | < giflib 5.2.2-1 (forky) | giflib 5.2.2-1 (forky) |
| giflib_project | giflib | <= 5.1.4 | — |
| giflib_project | giflib | >= 0 < 5.2.2-1 | 5.2.2-1 |
| giflib_project | giflib | >= 0 < 5.2.2-1 | 5.2.2-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P |
| osv | — | 7.1 | HIGH | — |
| vendor_debian | — | 7.1 | LOW | — |
| vendor_redhat | — | 7.1 | HIGH | — |
Red Hat
giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool
Source: vendor_redhat · 2021-04-22 · CVSS 7.1 · HIGH · CWE-125
A flaw was found in giflib. A missing check in function DumpScreen2RGB in gif2rgb.c leads to an out-of-bounds read, allowing an attacker to crash the gif2rgb tool. The issue is not in the giflib library, but in the gif2rgb utility program.
Statement: This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 8 as they did not include the gif2rgb tool.
Package: giflib (Red Hat Enterprise Linux 6) - Out of support scope
Package: giflib (Red Hat Enterprise Linux 7) - Out of support scope
Package: giflib (Red Hat Enterprise Linux 8) - Not affected
Package: giflib (Red Hat
Debian
CVE-2020-23922: giflib - An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has...
Source: vendor_debian · 2020 · CVSS 7.1 · HIGH
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 5.2.2-1)
sid: resolved (fixed in 5.2.2-1)
trixie: resolved (fixed in 5.2.2-1)
GHSA
GHSA-6xhw-5p38-q4xw: An issue was discovered in giflib through 5
Source: ghsa_unreviewed · 2022-05-24 · HIGH · CWE-125
OSV
CVE-2020-23922: An issue was discovered in giflib through 5
Source: osv · 2021-04-21 · CVSS 7.1 · HIGH
No detection rules found.
No public exploits indexed.
References
https://cwe.mitre.org/data/definitions/126.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://sourceforge.net/p/giflib/bugs/151/