Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250407180344.3cba0427@hboeck.de>
Date: Mon, 7 Apr 2025 18:03:44 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2025-31344: giflib: The giflib open-source
 component has a buffer overflow vulnerability.

On Mon, 07 Apr 2025 21:15:25 +0800
李亚杰 <liyajie@...neuler.sh> wrote:

> In the function DumpScreen2RGB of the giflib software, an attempt is
> made to access the color map through ColorMapEntry. The size of
> ColorMap is 6 bytes (from 0x602000000030 to 0x602000000036). However,
> when accessing ColorMap->Colors[GifRow[j]], the value of GifRow[j]
> exceeds the actual number of colors stored. The address pointed to by
> ColorMapEntry, 0x602000000039, goes beyond the allocated memory range
> for color data. As a result, accessing ColorMapEntry->Red leads to
> out-of-bounds access, causing a heap-buffer-overflow.

I...
think I reported this in 2016 already:
https://sourceforge.net/p/giflib/bugs/79/

The bug was closed without a fix, yet with giflib's author claiming
multiple times that it was fixed.

-- 
Hanno Böck
https://hboeck.de/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.