Date: Tue, 13 Sep 2016 18:55:08 +0200
From: Hanno Böck <hanno@...eck.de>
To: "vul@...safe" <vul@...safe.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Heapoverflow in giflib5.1.4

Hi,

On Tue, 13 Sep 2016 23:20:08 +0800
"vul@...safe" <vul@...safe.com> wrote:

> With Address Sanitizer there is a heap overflow in giflib 5.1.4
> More details are available at:
> https://sourceforge.net/p/giflib/bugs/102/

Two notes:
* This is a bug *only* in the gif2rgb command line tool, not in giflib
  itself.
* I reported this before. The giflib maintainer claimed multiple times
  that he has fixed it, yet he hasn't. See:
  https://sourceforge.net/p/giflib/bugs/79/

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42