Date: Tue, 26 Jan 2016 22:31:42 +0800 (CST) From: xiaoqixue_1 <xiaoqixue_1@....com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: a bug in gif2rgb.c in giflib-5.1.2 We find a memory allocation whose size could be zero in gif2rgb.c. and It will result to several memory out of bound read and write. the bug in gif2rgb.c:386 : 386 if ((ScreenBuffer = (GifRowType *) 387 malloc(GifFile->SHeight * sizeof(GifRowType))) == NULL) 388 GIF_EXIT("Failed to allocate memory required, aborted."); Please see "http://sourceforge.net/p/giflib/bugs/82/" for more details. the bug was found by Qixue Xiao at Tsinghua University.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ