Candidate: CVE-2018-11489
PublicDate: 2018-05-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11489
Description:
 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version
 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer
 overflow because a certain CrntCode array index is not checked. This will
 lead to a denial of service or possibly unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
 https://sourceforge.net/p/giflib/bugs/112/
 https://github.com/pts/sam2p/issues/37
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_giflib:
 other: https://github.com/pts/sam2p/issues/37#issuecomment-409870800
upstream_giflib: needs-triage
precise/esm_giflib: DNE
trusty_giflib: ignored (reached end-of-life)
trusty/esm_giflib: DNE (trusty was needed)
xenial_giflib: not-affected (5.1.4-0.3~16.04.1)
esm-infra/xenial_giflib: not-affected (5.1.4-0.3~16.04.1)
artful_giflib: ignored (reached end-of-life)
bionic_giflib: not-affected (5.1.4-2ubuntu0.1)
cosmic_giflib: ignored (reached end-of-life)
disco_giflib: ignored (reached end-of-life)
eoan_giflib: ignored (reached end-of-life)
focal_giflib: not-affected (5.1.9-1)
groovy_giflib: not-affected (5.1.9-1)
devel_giflib: not-affected (5.1.9-2)