Bug 1079102 - (CVE-2017-18120) VUL-0: CVE-2017-18120: gifsicle: double-free bug in the read_gif function in gifread.c
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 42.3
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Assigned To: Manfred Schwarb
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/199369/
Whiteboard: CVSSv3:RedHat:CVE-2017-1000421:3.3:(...
Reported: 2018-02-02 14:26 UTC by Alexander Bergmann
Modified: 2018-02-05 13:53 UTC
Found By: Security Response Team

Description Alexander Bergmann 2018-02-02 14:26:19 UTC
CVE-2017-18120

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows
a remote attacker to cause a denial-of-service attack or unspecified other
impact via a maliciously crafted file, because last_name is mishandled, a
different vulnerability than CVE-2017-1000421.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18120
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18120
https://github.com/kohler/gifsicle/issues/117
https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
Comment 1 Manfred Schwarb 2018-02-02 21:10:21 UTC
All active openSUSE versions are on version 1.91 and have this
vulnerability fixed.