[3.0] giflib: heap buffer overflow in gif2rgb (CVE-2016-3977)
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2
allows remote attackers to cause a denial of service (application crash)
via the background color index in a GIF file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3977
https://sourceforge.net/p/giflib/bugs/87/
Fix:
https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
(from redmine: issue id 5517, created on 2016-04-28, closed on 2016-06-15)
- Relations:
- parent #5512 (closed)
- Changesets:
- Revision a51a6984 on 2016-06-02T07:36:57Z:
main/giflib: security fix (CVE-2016-3977). Fixes #5517
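
A header-level check for the condition named in the description, added here as an example; it is not giflib's code and not the upstream fix. The function and enum names are this example's own, the sample byte arrays are constructed, and only the global color table announced in the Logical Screen Descriptor is considered (image-local color tables are out of scope).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes: names are this example's own, not giflib's. */
enum bg_check { BG_OK, BG_OUT_OF_RANGE, BG_NO_GLOBAL_TABLE, BG_TRUNCATED, BG_NOT_GIF };

/* Header + Logical Screen Descriptor layout (GIF87a/GIF89a):
 *   0-5  signature, 6-9 canvas width/height (little endian),
 *   10   packed: bit 7 = global color table present,
 *        bits 0-2 = N, table has 2^(N+1) RGB entries,
 *   11   background color index, 12 pixel aspect ratio. */
enum bg_check check_gif_background(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 13)
        return BG_NOT_GIF;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return BG_NOT_GIF;

    unsigned packed = buf[10];
    unsigned bg_index = buf[11];
    if (!(packed & 0x80))          /* no global table: nothing to compare with here */
        return BG_NO_GLOBAL_TABLE;

    size_t entries = (size_t)1 << ((packed & 0x07) + 1);
    if (len < 13 + 3 * entries)    /* table announced but not fully present */
        return BG_TRUNCATED;
    return bg_index < entries ? BG_OK : BG_OUT_OF_RANGE;
}

/* Constructed sample headers (not taken from any real file). */
static const unsigned char sample_ok[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 1, 0, 0,0,0, 255,255,255 };
static const unsigned char sample_bad[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 200, 0, 0,0,0, 255,255,255 };
static const unsigned char sample_nogct[] = {
    'G','I','F','8','7','a', 1,0, 1,0, 0x00, 5, 0 };
static const unsigned char sample_trunc[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x87, 0, 0 };

int main(void)
{
    printf("ok=%d bad=%d nogct=%d trunc=%d\n",
           check_gif_background(sample_ok, sizeof sample_ok),
           check_gif_background(sample_bad, sizeof sample_bad),
           check_gif_background(sample_nogct, sizeof sample_nogct),
           check_gif_background(sample_trunc, sizeof sample_trunc));
    return 0;
}
```

A `BG_NO_GLOBAL_TABLE` result means the index cannot be judged from the header alone and has to be compared against whichever color table the decoder actually uses.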