CVE-2021-40633
published 2022-06-14

Priority: P338, high, 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.52% (71.5th percentile)

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | giflib | < giflib 5.2.2-1 (forky) | giflib 5.2.2-1 (forky) |
| giflib_project | giflib | | |
| giflib_project | giflib | >= 0 < 5.2.2-1 | 5.2.2-1 |
| giflib_project | giflib | >= 0 < 5.2.2-1 | 5.2.2-1 |
| giflib_project | giflib | >= 0 < 5.1.9-1ubuntu0.1 | 5.1.9-1ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.9-2ubuntu0.1 | 5.1.9-2ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1+esm1 | 5.1.4-0.3~16.04.1+esm1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1+esm1 | 5.1.4-2ubuntu0.1+esm1 |
| msrc | azl3_giflib_5.2.1-10_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | | |

CVSS provenance

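| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | LOW | |
| vendor_msrc | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |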