PublicDateAtUSN: 2018-05-26
Candidate: CVE-2018-11490
PublicDate: 2018-05-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11490
 https://ubuntu.com/security/notices/USN-4107-1
Description:
 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version
 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer
 overflow because a certain "Private->RunningCode - 2" array index is not
 checked. This will lead to a denial of service or possibly unspecified
 other impact.
Ubuntu-Description:
Notes:
Bugs:
 https://sourceforge.net/p/giflib/bugs/113/
 https://github.com/pts/sam2p/issues/38
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_giflib:
 upstream: https://sourceforge.net/p/giflib/code/ci/08438a5098f3bb1de23a29334af55eba663f75bd/
upstream_giflib: needs-triage
precise/esm_giflib: DNE
trusty_giflib: ignored (reached end-of-life)
trusty/esm_giflib: DNE (trusty was needed)
xenial_giflib: released (5.1.4-0.3~16.04.1)
esm-infra/xenial_giflib: released (5.1.4-0.3~16.04.1)
artful_giflib: ignored (reached end-of-life)
bionic_giflib: released (5.1.4-2ubuntu0.1)
cosmic_giflib: ignored (reached end-of-life)
disco_giflib: released (5.1.4-3ubuntu0.1)
devel_giflib: released (5.1.4-3ubuntu1)