Bug 129927 - (CVE-2005-3350) VUL-0: CVE-2005-3350: libungif crashes
(CVE-2005-3350)
VUL-0: CVE-2005-3350: libungif crashes
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Major
: ---
Assigned To: Security Team bot
Security Team bot
CVE-2005-3350: CVSS v2 Base Score: 7....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-21 08:46 UTC by Marcus Meissner
Modified: 2021-09-27 08:49 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
fix for memleak (812 bytes, patch)
2005-10-28 08:08 UTC, Ludwig Nussel
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Ludwig Nussel 2005-10-21 15:43:54 UTC
CRD Nov 3rd
Comment 2 Ludwig Nussel 2005-10-24 12:55:50 UTC
   2 local non-root user
  +1 default package
  +1 default active
  -1 user interaction
  +1 command execution

Total Score: 4 (Moderate)
Comment 4 Vladimir Nadvornik 2005-10-24 16:09:36 UTC
libungif packages are submitted for sles8, sles9 and 9.0
giflib packages are submitted for 9.2-10.0
Comment 5 Ludwig Nussel 2005-10-25 12:02:37 UTC
The patch, especially the one for giflib, contains unneeded stuff. I also believe the fix introduces a memleak in the error case. Will investigate further.
Comment 6 Ludwig Nussel 2005-10-28 08:08:35 UTC
Created attachment 55820 [details]
fix for memleak

newer libungif already have that fix. I'd suggest to include it in our versions. The patches for giflib contain unleated changes but should be fine.
Comment 7 Vladimir Nadvornik 2005-10-31 16:33:32 UTC
I added the memory leak fix to libungif and  
removed the unneeded stuff from giflib. It was mainly a 64bit fix which is in 
our packages fixed by another patch.

Packages are submitted to /work/src/done/*/*.new
Comment 8 Ludwig Nussel 2005-10-31 16:49:56 UTC
bad1.gif trigger a NULL dereference crash
CVE-2005-2974 libungif NULL pointer deref

bad2 and bad3 trigger out of bounds memory access crashes.  bad2 may
possibly allow for arbitrary code execution as it's an OOB write.
CVE-2005-3350 libungif OOB access

Maintenance-Tracker-2714
Comment 9 Ludwig Nussel 2005-11-07 12:12:09 UTC
updates released
Comment 10 Thomas Biege 2009-10-13 21:43:31 UTC
CVE-2005-3350: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)