Bug 1217390 (CVE-2023-48161)

Summary: VUL-0: CVE-2023-48161: giflib: buffer overflow via the DumpSCreen2RGB function
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Fridrich Strba <fstrba>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/385797/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-11-22 09:27:34 UTC 
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48161
Comment 1 Gabriele Sonnu 2023-11-22 09:28:13 UTC 
Upstream issue:

https://sourceforge.net/p/giflib/bugs/167/

No upstream fix yet.
Comment 2 Gabriele Sonnu 2024-02-26 09:05:13 UTC 
Same issue and fix as of bug 1198880. Closing as duplicate.

*** This bug has been marked as a duplicate of bug 1198880 ***
Comment 5 Maintenance Automation 2024-03-07 08:30:04 UTC 
SUSE-SU-2024:0786-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1198880, 1200551, 1217390
CVE References: CVE-2021-40633, CVE-2022-28506, CVE-2023-48161
Sources used:
openSUSE Leap 15.5 (src): giflib-5.2.2-150000.4.13.1
Basesystem Module 15-SP5 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): giflib-5.2.2-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): giflib-5.2.2-150000.4.13.1
SUSE Manager Proxy 4.3 (src): giflib-5.2.2-150000.4.13.1
SUSE Manager Retail Branch Server 4.3 (src): giflib-5.2.2-150000.4.13.1
SUSE Manager Server 4.3 (src): giflib-5.2.2-150000.4.13.1
SUSE Enterprise Storage 7.1 (src): giflib-5.2.2-150000.4.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.