CVE-2023-36193Out-of-bounds Write in Gifsicle

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lcdf GifsicleDebian Gifsicle
Timeline
PublishedJun 23

Description

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/gifsicle< gifsicle 1.94-1 (forky)
Debianlcdf/gifsicle< 1.94-1+1
NVDlcdf/gifsicle1.93

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-4f2r-gxmm-56p6: Gifsicle v12023-06-23
OSV
CVE-2023-36193: Gifsicle v12023-06-23

📋Vendor Advisories

1
Debian
CVE-2023-36193: gifsicle - Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambigui...2023
CVE-2023-36193 — Out-of-bounds Write in Debian Gifsicle | cvebase