Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d47bb80.ff77.1527e58ea1c.Coremail.xiaoqixue_1@163.com>
Date: Tue, 26 Jan 2016 22:31:42 +0800 (CST)
From: xiaoqixue_1  <xiaoqixue_1@....com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: a bug in gif2rgb.c in giflib-5.1.2





We find a memory allocation whose size could be zero in gif2rgb.c. 
and It will result to several memory out of bound read and write. the bug in gif2rgb.c:386 :

386 if ((ScreenBuffer = (GifRowType *) 
387 malloc(GifFile->SHeight * sizeof(GifRowType))) == NULL) 
388 GIF_EXIT("Failed to allocate memory required, aborted.");


Please see "http://sourceforge.net/p/giflib/bugs/82/" for more details.




the bug was found by Qixue Xiao at Tsinghua University.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.