Date: Tue, 13 Sep 2016 18:55:08 +0200
From: Hanno Böck <hanno@...eck.de>
To: "vul@...safe" <vul@...safe.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Heapoverflow in giflib5.1.4

Hi,

On Tue, 13 Sep 2016 23:20:08 +0800
"vul@...safe" <vul@...safe.com> wrote:

> With Address Sanitizer there is a heap overflow in giflib 5.1.4
> More details are available at:
> https://sourceforge.net/p/giflib/bugs/102/

Two notes:
* This is a bug *only* in the gif2rgb command line tool, not in giflib
  itself.
* I reported this before. The giflib maintainer claimed multiple times
  that he has fixed it, yet he hasn't. See:
https://sourceforge.net/p/giflib/bugs/79/

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
