Bug 1198880 - (CVE-2022-28506) VUL-1: CVE-2022-28506: giflib: Heap Buffer overflow in function DumpScreen2RGB()
(CVE-2022-28506)
VUL-1: CVE-2022-28506: giflib: Heap Buffer overflow in function DumpScreen2RGB()
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Fridrich Strba
Security Team bot
https://smash.suse.de/issue/329997/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-04-26 10:32 UTC by Hu
Modified: 2022-04-26 11:15 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
QA Reproducer (1.38 KB, image/gif)
2022-04-26 10:37 UTC, Hu
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Hu 2022-04-26 10:33:31 UTC
Affected:
- openSUSE:Factory/giflib     5.2.1

Not affected:
- SUSE:SLE-11:Update/giflib   4.1.6
- SUSE:SLE-12:Update/giflib   5.0.5
- SUSE:SLE-15:Update/giflib   5.1.4
Comment 2 Hu 2022-04-26 10:37:30 UTC
Created attachment 858432 [details]
QA Reproducer

1. Compile with ASAN: add "-fsanitize=address" to the CFLAGS in the Makefile
2. make
3. ./gif2rgb giflib_poc
Comment 3 Hu 2022-04-26 10:40:01 UTC
There is no upstream fix yet.