Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Jan 2016 22:31:42 +0800 (CST)
From: xiaoqixue_1  <xiaoqixue_1@....com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: a bug in gif2rgb.c in giflib-5.1.2





We find a memory allocation whose size could be zero in gif2rgb.c. 
and It will result to several memory out of bound read and write. the bug in gif2rgb.c:386 :

386 if ((ScreenBuffer = (GifRowType *) 
387 malloc(GifFile->SHeight * sizeof(GifRowType))) == NULL) 
388 GIF_EXIT("Failed to allocate memory required, aborted.");


Please see "http://sourceforge.net/p/giflib/bugs/82/" for more details.




the bug was found by Qixue Xiao at Tsinghua University.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ