giflib: heap buffer overflow in gif2rgb (CVE-2016-3977)
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3977
https://sourceforge.net/p/giflib/bugs/87/
Fix:
https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
(from redmine: issue id 5512, created on 2016-04-28, closed on 2016-06-15)
- Relations:
  - child #5513 (closed)
  - child #5514 (closed)
  - child #5515 (closed)
  - child #5516 (closed)
  - child #5517 (closed)
- Changesets:
  - Revision 37401563 by Natanael Copa on 2016-05-24T11:37:33Z:
    main/giflib: security upgrade to 5.1.4 (CVE-2016-3977)
    fixes #5512
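
The description above names the background color index as the untrusted field. As an added example (not giflib's code and not the linked fix), this C function reads that index from the GIF Logical Screen Descriptor, laid out as in the GIF89a specification, and rejects it when it does not fit the declared global color table. The function name, result codes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names, not giflib's). */
enum { BG_OK = 0, BG_NO_GLOBAL_TABLE = 1, BG_OUT_OF_RANGE = -1, BG_MALFORMED = -2 };

/* Constructed 19-byte samples: signature, screen descriptor, 2-entry color table. */
static const uint8_t SAMPLE_OK[19] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 1, 0,  0,0,0, 255,255,255 };
static const uint8_t SAMPLE_BAD[19] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 5, 0,  0,0,0, 255,255,255 };

/*
 * Layout: bytes 0-5 signature, 6-9 screen width/height,
 * byte 10 packed fields (bit 7 = global color table present,
 * bits 0-2 = N, table holds 2^(N+1) entries),
 * byte 11 background color index, byte 12 pixel aspect ratio.
 * On return *entries (if non-NULL) holds the declared table size.
 */
int check_gif_background(const uint8_t *buf, size_t len, unsigned *entries)
{
    if (buf == NULL || len < 13)
        return BG_MALFORMED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return BG_MALFORMED;

    uint8_t packed = buf[10];
    uint8_t background = buf[11];
    unsigned count = (packed & 0x80) ? 1u << ((packed & 0x07) + 1) : 0;
    if (entries != NULL)
        *entries = count;

    /* No global table: the index must not be used for any table lookup. */
    if (count == 0)
        return BG_NO_GLOBAL_TABLE;
    /* The table (3 bytes per entry) must actually be present in the input. */
    if (len < 13 + (size_t)count * 3)
        return BG_MALFORMED;
    /* The check that matters here: the index must address a real entry. */
    return background < count ? BG_OK : BG_OUT_OF_RANGE;
}

int main(void)
{
    printf("ok sample:  %d\n", check_gif_background(SAMPLE_OK, sizeof SAMPLE_OK, NULL));
    printf("bad sample: %d\n", check_gif_background(SAMPLE_BAD, sizeof SAMPLE_BAD, NULL));
    return 0;
}
```

A converter that uses the background index to pre-fill its pixel buffer would run a check of this kind before any color table lookup.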