Advisories » MGASA-2016-0020

Updated giflib packages fix security vulnerability

Publication date: 15 Jan 2016
Modification date: 17 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7555

Description

A heap-based buffer overflow vulnerability was found in giffix utility of
giflib when processing records of the type 'IMAGE_DESC_RECORD_TYPE' due to
the allocated size of 'LineBuffer' equaling the value of the logical
screen width, 'GifFileIn->SWidth', while subsequently having
'GifFileIn->Image.Width' bytes   of data written to it (CVE-2015-7555).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17376
• https://lists.fedoraproject.org/pipermail/package-announce/2016-January/174870.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7555

SRPMS

5/core

• giflib-4.2.3-4.2.mga5