#VU80867 Buffer overflow in GIFLIB - CVE-2023-39742

Cybersecurity Help s.r.o.

Published: 2023-09-18 | Updated: 2024-03-07

Vulnerability identifier: #VU80867

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-39742

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GIFLIB
Client/Desktop applications / Multimedia software

Vendor: GIFLIB Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in getarg.c. A remote attacker can pass a specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

GIFLIB: 5.2.0 - 5.2.1

External links
https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084
https://sourceforge.net/p/giflib/bugs/166/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for giflib

SUSE update for giflib

Ubuntu update for giflib

Anolis OS update for giflib

openEuler update for giflib

Fedora 39 update for giflib

Fedora 38 update for giflib

Fedora 37 update for giflib

Denial of service in giflib