Bugzilla – Bug 129927
VUL-0: CVE-2005-3350: libungif crashes
Last modified: 2021-09-27 08:49:23 UTC
CRD Nov 3rd
2 local non-root user
+1 default package
+1 default active
-1 user interaction
+1 command execution
Total Score: 4 (Moderate)
libungif packages are submitted for sles8, sles9 and 9.0.
giflib packages are submitted for 9.2-10.0.
The patch, especially the one for giflib, contains unneeded stuff. I also believe the fix introduces a memleak in the error case. Will investigate further.
Created attachment 55820: fix for memleak
Newer libungif already has that fix. I'd suggest to include it in our versions. The patches for giflib contain unrelated changes but should be fine.
I added the memory leak fix to libungif and removed the unneeded stuff from giflib. It was mainly a 64bit fix which is in our packages fixed by another patch. Packages are submitted to /work/src/done/*/*.new
bad1.gif triggers a NULL dereference crash.
CVE-2005-2974 libungif NULL pointer deref
bad2 and bad3 trigger out-of-bounds memory access crashes. bad2 may possibly allow for arbitrary code execution as it's an OOB write.
CVE-2005-3350 libungif OOB access
Maintenance-Tracker-2714
updates released
CVE-2005-3350: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)