CVE-2025-31344
Published 2025-04-14
Priority: P3 (37) · CVSS 3.1: 7.3 high
Vector: AV:L / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:H
EPSS: 0.22% (12.3rd percentile)
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.
This issue affects giflib: through 5.2.2.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | giflib | — | — |
| giflib_project | giflib | >= 0 < 5.2.2-r1 | 5.2.2-r1 |
| giflib_project | giflib | >= 0 < 5.2.2-r1 | 5.2.2-r1 |
| giflib_project | giflib | >= 0 < 5.2.2-r1 | 5.2.2-r1 |
| msrc | azl3_giflib_5.2.1-10_on_azure_linux_3.0 | — | — |
| msrc | azl3_giflib_5.2.1-9_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_giflib_5.2.1-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_giflib_5.2.1-9_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
| openeuler | giflib | <= 5.2.2 | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
| osv | 7.3 | HIGH | — |
| vendor_debian | 7.3 | HIGH | — |
| vendor_msrc | 7.3 | HIGH | — |
| vendor_redhat | 7.3 | HIGH | — |
Red Hat
giflib: The giflib open-source component has a buffer overflow vulnerability
vendor_redhat·2025-04-14·CVSS 7.3
CVE-2025-31344 [HIGH] CWE-122 giflib: The giflib open-source component has a buffer overflow vulnerability
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.
This issue affects giflib: through 5.2.2.
A flaw was found in the gif2rgb utility of giflib. This vulnerability allows an attacker to cause a heap-based buffer overflow via crafted GIF files. The issue arises due to improper handling of certain GIF image data, leading to memory corruption.
Statement: java-*-openjdk-headless packages do not contain libawt.so, hence are not affected.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability
Microsoft
The giflib open-source component has a buffer overflow vulnerability
vendor_msrc·2025-04-08·CVSS 7.3
CVE-2025-31344 [HIGH] CWE-122 The giflib open-source component has a buffer overflow vulnerability
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
openEuler: openEuler
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Debian
CVE-2025-31344: giflib - Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vuln...
vendor_debian·2025·CVSS 7.3
CVE-2025-31344 [HIGH] CVE-2025-31344: giflib - Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vuln...
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-4764-r75x-h867: Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux
ghsa_unreviewed·2025-04-14
CVE-2025-31344 [HIGH] CWE-122 GHSA-4764-r75x-h867: Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.
This issue affects giflib: through 5.2.2.
OSV
CVE-2025-31344: Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux
osv·2025-04-14·CVSS 7.3
CVE-2025-31344 [HIGH] CVE-2025-31344: Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://gitee.com/src-openeuler/giflib/pulls/54
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1292
http://www.openwall.com/lists/oss-security/2025/04/07/3
http://www.openwall.com/lists/oss-security/2025/04/07/4
http://www.openwall.com/lists/oss-security/2025/04/07/5
http://www.openwall.com/lists/oss-security/2025/04/07/6
http://www.openwall.com/lists/oss-security/2025/04/08/1
http://www.openwall.com/lists/oss-security/2025/04/09/5
http://www.openwall.com/lists/oss-security/2025/04/09/7
http://www.openwall.com/lists/oss-security/2025/04/10/1