Date: Wed, 16 Mar 2016 13:28:30 +0100
From: FEIST Josselin <josselin.feist@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request : Use-after-free in gifcolor

Hi,

Multiple double-free / use-after-free bugs (with the same root origin) were
reported in giflib (https://sourceforge.net/projects/giflib/) on
February 18.
It affects the utility gifcolor. More information here:
https://sourceforge.net/p/giflib/bugs/83/
The fixed version should be released soon.

Since the vuln is medium/severe (double-free/use-after-free), but the
attack surface is low (it affects only gifcolor, not the lib itself),
could it be possible to receive a CVE number for it?

It was found with the help of the static analyzer GUEB.

Thanks!
Best regards,
Josselin Feist
