Candidate: CVE-2017-18120
PublicDate: 2018-02-02 09:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18120
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120
 https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
 https://github.com/kohler/gifsicle/commit/263cd4519f45bc6ecde74ee280eb1d68ee2de642
 https://github.com/kohler/gifsicle/issues/117
Description:
 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90
 allows a remote attacker to cause a denial-of-service attack or unspecified
 other impact via a maliciously crafted file, because last_name is
 mishandled, a different vulnerability than CVE-2017-1000421.
Ubuntu-Description:
 It was discovered that Gifsicle did not properly handle certain input. If a
 user were tricked into opening a malicious GIF, an attacker could potentially
 execute arbitrary code.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_gifsicle:
upstream_gifsicle: released (1.91-1)
precise/esm_gifsicle: DNE
trusty_gifsicle: ignored (out of standard support)
trusty/esm_gifsicle: needed
xenial_gifsicle: ignored (end of standard support, was needed)
artful_gifsicle: ignored (reached end-of-life)
bionic_gifsicle: not-affected (1.91-2)
cosmic_gifsicle: not-affected (1.91-2)
disco_gifsicle: not-affected (1.91-2)
eoan_gifsicle: not-affected (1.91-2)
focal_gifsicle: not-affected (1.91-2)
groovy_gifsicle: not-affected (1.91-2)
hirsute_gifsicle: not-affected (1.91-2)
impish_gifsicle: not-affected (1.91-2)
jammy_gifsicle: not-affected (1.91-2)
devel_gifsicle: not-affected (1.91-2)