Bugzilla – Bug 129927
VUL-0: CVE-2005-3350: libungif crashes
Last modified: 2021-09-27 08:49:23 UTC
CRD Nov 3rd
2 local non-root user
+1 default package
+1 default active
-1 user interaction
+1 command execution
Total Score: 4 (Moderate)
libungif packages are submitted for sles8, sles9 and 9.0
giflib packages are submitted for 9.2-10.0
The patch, especially the one for giflib, contains unneeded stuff. I also believe the fix introduces a memleak in the error case. Will investigate further.
Created attachment 55820
fix for memleak
Newer libungif already has that fix. I'd suggest including it in our versions. The patches for giflib contain unrelated changes but should be fine.
I added the memory leak fix to libungif and removed the unneeded stuff from giflib. It was mainly a 64bit fix which is in our packages fixed by another patch.
Packages are submitted to /work/src/done/*/*.new
bad1.gif triggers a NULL dereference crash
CVE-2005-2974 libungif NULL pointer deref
bad2 and bad3 trigger out of bounds memory access crashes. bad2 may possibly allow for arbitrary code execution as it's an OOB write.
CVE-2005-3350 libungif OOB access
CVE-2005-3350: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)