Date: Wed, 16 Mar 2016 13:28:30 +0100
From: FEIST Josselin <josselin.feist@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request : Use-after-free in gifcolor

Hi,

Multiple double-free / use-after-free bugs (with the same root origin) were reported in giflib (https://sourceforge.net/projects/giflib/) on February 18. They affect the utility gifcolor.

More information here: https://sourceforge.net/p/giflib/bugs/83/

The fixed version should be released soon.

Since the vuln is medium/severe (double-free/use-after-free), but the attack surface is low (it affects only gifcolor, not the lib itself), could it be possible to receive a CVE number for it?

It was found with the help of the static analyzer GUEB.

Thanks!

Best regards,
Josselin Feist