[3.1] giflib: heap buffer overflow in gif2rgb (CVE-2016-3977)
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2
allows remote attackers to cause a denial of service (application crash)
via the background color index in a GIF file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3977
https://sourceforge.net/p/giflib/bugs/87/
Fix:
https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
(from redmine: issue id 5516, created on 2016-04-28, closed on 2016-06-15)
- Relations:
- parent #5512 (closed)
- Changesets:
- Revision d723b3fe on 2016-06-14T11:43:23Z:
main/giflib: security fix (CVE-2016-3977). Fixes #5516
(cherry picked from commit 514514446dd382063ff206ed5fbf7352b5f4e941)
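
A bounds check of the kind this issue calls for, as an added example (not giflib's code and not the referenced fix): it reads the background color index from a GIF's Logical Screen Descriptor and compares it with the size of the Global Color Table. All function and enum names are hypothetical; it assumes only the global table is consulted, so a decoder that maps the index through a local color table must compare against that table's size instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes; all names in this block are the example's own. */
enum bg_check {
    BG_OK = 0, BG_NOT_GIF, BG_TRUNCATED, BG_NO_GLOBAL_TABLE, BG_OUT_OF_RANGE
};

/* Check the Logical Screen Descriptor's background color index against
 * the Global Color Table that follows it. buf holds the start of the file. */
enum bg_check gif_check_background(const uint8_t *buf, size_t len)
{
    if (len < 6)
        return BG_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return BG_NOT_GIF;
    if (len < 13)                       /* 6-byte signature + 7-byte descriptor */
        return BG_TRUNCATED;

    uint8_t packed = buf[10];           /* flag bits and table-size exponent */
    uint8_t bg_index = buf[11];         /* index taken from the file, untrusted */

    if (!(packed & 0x80))               /* no global table to index into */
        return BG_NO_GLOBAL_TABLE;

    size_t entries = (size_t)1 << ((packed & 0x07) + 1);   /* 2..256 colors */
    if (len < 13 + 3 * entries)         /* RGB triples must all be present */
        return BG_TRUNCATED;
    if (bg_index >= entries)            /* would read past the table */
        return BG_OUT_OF_RANGE;
    return BG_OK;
}

int main(void)
{
    /* Constructed sample: 1x1 GIF89a header, 2-entry table, index 5. */
    uint8_t sample[19] = { 'G','I','F','8','9','a', 1,0, 1,0, 0x80, 5, 0 };
    printf("index 5, 2 entries -> %d\n", gif_check_background(sample, sizeof sample));
    sample[11] = 1;
    printf("index 1, 2 entries -> %d\n", gif_check_background(sample, sizeof sample));
    return 0;
}
```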