CVE-2022-28506
published 2022-04-25

CVE-2022-28506: There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

Priority: P4
CVSS 3.1: 5.5 (medium), vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 1.22% (65.0th percentile)
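The record above names only the function and the source position; it does not state the root cause. The example below is added here and is not GIFLIB's code or the project's fix. It assumes the usual shape of a palette-to-RGB bug: a pixel value taken from the image is used as an index into the heap-allocated colour map without being compared against ColorCount, which gives an out-of-bounds read (consistent with the NVD vector on this page: user interaction, confidentiality impact only). The type names, the fixture and the row data are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins for the GIFLIB types involved in palette-to-RGB output.
 * Assumption (not from the advisory): Colors[] is heap-allocated with
 * ColorCount valid entries, and each pixel is an 8-bit palette index. */
typedef struct { uint8_t Red, Green, Blue; } Rgb;
typedef struct { int ColorCount; Rgb *Colors; } ColorMapObject;
typedef uint8_t GifPixelType;

/* Unchecked pattern: the index comes straight from image data. Any value
 * >= ColorCount reads past the end of Colors[] (a heap out-of-bounds read,
 * which AddressSanitizer reports as heap-buffer-overflow). Shown for
 * contrast; never called with an out-of-range index below. */
static const Rgb *lookup_unchecked(const ColorMapObject *cm, GifPixelType idx) {
    return &cm->Colors[idx];
}

/* Hardened lookup: refuse any index outside the colour map. */
static const Rgb *lookup_checked(const ColorMapObject *cm, GifPixelType idx) {
    if (cm == NULL || cm->Colors == NULL || (int)idx >= cm->ColorCount)
        return NULL;
    return &cm->Colors[idx];
}

/* Convert one row of palette indices to packed RGB. Returns the pixel count
 * on success or -1 if any index is outside the colour map; the caller must
 * size out[] for 3 * width bytes. */
int row_to_rgb(const ColorMapObject *cm, const GifPixelType *row,
               size_t width, uint8_t *out) {
    for (size_t i = 0; i < width; i++) {
        const Rgb *e = lookup_checked(cm, row[i]);
        if (e == NULL)
            return -1;
        out[3 * i]     = e->Red;
        out[3 * i + 1] = e->Green;
        out[3 * i + 2] = e->Blue;
    }
    return (int)width;
}

/* Pre-scan a whole screen buffer once, before any conversion: returns the
 * position of the first out-of-range index, or -1 if every pixel is valid. */
int first_bad_index(const ColorMapObject *cm, const GifPixelType *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((int)buf[i] >= cm->ColorCount)
            return (int)i;
    return -1;
}

/* Constructed fixture (not real GIF data): a 4-entry colour map, one valid
 * row, and one row carrying index 200, far beyond ColorCount. */
static Rgb kColors[4] = {{255, 0, 0}, {0, 255, 0}, {0, 0, 255}, {0, 0, 0}};
static ColorMapObject kMap = { 4, kColors };
static const GifPixelType kGoodRow[3] = {0, 1, 2};
static const GifPixelType kBadRow[3]  = {0, 200, 1};

/* Returns 1 when the valid row converts to the expected RGB bytes. */
int demo_good_row(void) {
    uint8_t out[9];
    int n = row_to_rgb(&kMap, kGoodRow, 3, out);
    return n == 3 && out[0] == 255 && out[4] == 255 && out[8] == 255;
}

/* Returns row_to_rgb's result for the malicious row (-1: rejected). */
int demo_bad_row(void) {
    uint8_t out[9];
    return row_to_rgb(&kMap, kBadRow, 3, out);
}

int main(void) {
    printf("valid row converted: %s\n", demo_good_row() ? "yes" : "no");
    printf("bad row result: %d (first bad index %d)\n",
           demo_bad_row(), first_bad_index(&kMap, kBadRow, 3));
    /* Safe use of the unchecked lookup: index 1 is within the 4-entry map. */
    const Rgb *g = lookup_unchecked(&kMap, 1);
    printf("unchecked lookup of index 1: (%u,%u,%u)\n", g->Red, g->Green, g->Blue);
    return 0;
}
```

The file:line:column form in the description (gif2rgb.c:298:45) is how AddressSanitizer reports locate a fault, so a build of GIFLIB 5.2.1 with -fsanitize=address is the expected way to observe this issue; the hardened lookup above is an illustration of the check such a converter needs, not a statement of what the 5.2.2 patch does.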

Affected (16 ranges)

Vendor           Product                                    Version range                      Fixed in
debian           giflib                                     < giflib 5.2.2-1 (forky)           giflib 5.2.2-1 (forky)
fedoraproject    fedora
fedoraproject    fedora
giflib_project   giflib
giflib_project   giflib                                     >= 0, < 5.2.2-1                    5.2.2-1
giflib_project   giflib                                     >= 0, < 5.2.2-1                    5.2.2-1
giflib_project   giflib                                     >= 0, < 5.1.9-1ubuntu0.1           5.1.9-1ubuntu0.1
giflib_project   giflib                                     >= 0, < 5.1.9-2ubuntu0.1           5.1.9-2ubuntu0.1
giflib_project   giflib                                     >= 0, < 5.1.4-0.3~16.04.1+esm1     5.1.4-0.3~16.04.1+esm1
giflib_project   giflib                                     >= 0, < 5.1.4-2ubuntu0.1+esm1      5.1.4-2ubuntu0.1+esm1
msrc             azl3_giflib_5.2.1-10_on_azure_linux_3.0
msrc             azl3_giflib_5.2.1-7_on_azure_linux_3.0
msrc             azure_linux_3.0_arm
msrc             azure_linux_3.0_x64
msrc             cbl_mariner_2.0_arm
msrc             cbl_mariner_2.0_x64

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      5.5     MEDIUM     CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd             v2.0      4.3     MEDIUM     AV:N/AC:M/Au:N/C:P/I:N/A:N
osv                       8.8     HIGH
vendor_ubuntu             8.8     HIGH
vendor_debian             5.5     LOW
vendor_msrc               5.5     MEDIUM
vendor_redhat             5.5     MEDIUM