[3.3] giflib: heap buffer overflow in gif2rgb (CVE-2016-3977)
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib
5.1.2 allows remote attackers to cause a denial
of service (application crash) via the background color index in a GIF
file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3977
https://sourceforge.net/p/giflib/bugs/87/
Fix:
https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
(from redmine: issue id 5514, created on 2016-04-28, closed on 2016-06-15)
- Relations:
  - parent #5512 (closed)
- Changesets:
  - Revision 51451444 on 2016-06-14T11:40:37Z:
    main/giflib: security fix (CVE-2016-3977). Fixes #5514
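
A triage check for the condition the description above names, as an added example (not giflib's code and not the upstream fix): it reads a GIF header and reports whether the background color index falls outside the declared global color table. The function, enum and sample names are this example's own, and it checks only the global table; which color map gif2rgb itself uses is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own). */
enum bg_check {
    BG_OK = 0,          /* index lies inside the global color table */
    BG_OUT_OF_RANGE,    /* index >= number of global color table entries */
    BG_NO_GLOBAL_TABLE, /* no global table: header alone cannot validate */
    BG_MALFORMED        /* bad signature, truncated header or table */
};

/* Inspect the 6-byte signature and 7-byte Logical Screen Descriptor. */
enum bg_check gif_check_background(const uint8_t *buf, size_t len)
{
    if (len < 13)
        return BG_MALFORMED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return BG_MALFORMED;

    uint8_t packed = buf[10];   /* flags byte after width and height */
    uint8_t bg_index = buf[11]; /* background color index */

    if (!(packed & 0x80))       /* bit 7: global color table present */
        return BG_NO_GLOBAL_TABLE;

    /* Low three bits N encode a table of 2^(N+1) entries. */
    unsigned entries = 1u << ((packed & 0x07) + 1);
    if (len < 13 + (size_t)entries * 3)  /* table is 3 bytes per entry */
        return BG_MALFORMED;

    return bg_index < entries ? BG_OK : BG_OUT_OF_RANGE;
}

/* Constructed samples: 1x1 GIF89a header with a 2-entry global table. */
static const uint8_t sample_bad[] = {   /* index 200, out of range */
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 200, 0, 0,0,0, 255,255,255 };
static const uint8_t sample_ok[] = {    /* index 1, in range */
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 1, 0, 0,0,0, 255,255,255 };

int main(void)
{
    printf("bad=%d ok=%d\n",
           gif_check_background(sample_bad, sizeof sample_bad),
           gif_check_background(sample_ok, sizeof sample_ok));
    return 0;
}
```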