[Buildroot] [PATCH v2, 1/2] package/giflib: add two upstream security fixes
Peter Korsgaard
peter at korsgaard.com
Mon Sep 2 15:36:55 UTC 2019
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
> GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
> 0.49.4, has a heap-based buffer overflow because a certain
> "Private->RunningCode - 2" array index is not checked. This will lead
> to a denial of service or possibly unspecified other impact.
> - Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
> triggers a divide-by-zero exception in the decoder function DGifSlurp
> in dgif_lib.c if the height field of the ImageSize data structure is
> equal to zero.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard
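
An added example, not part of this message or of the giflib patches it refers to: a C pre-check in the spirit of the CVE-2019-15133 description quoted above. It walks a GIF buffer and refuses any image descriptor whose width or height is zero before the file reaches a decoder. The function names, return codes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
enum { GIF_OK = 0, GIF_MALFORMED = -1, GIF_ZERO_DIMENSION = -2 };

/* Skip data sub-blocks: length byte + data, repeated until a 0 length. */
static int skip_sub_blocks(const uint8_t *b, size_t len, size_t *pos) {
    while (*pos < len) {
        size_t n = b[(*pos)++];
        if (n == 0) return GIF_OK;
        if (n > len - *pos) return GIF_MALFORMED;
        *pos += n;
    }
    return GIF_MALFORMED;
}

/* Skip a colour table when bit 7 of the packed byte announces one. */
static int skip_color_table(uint8_t packed, size_t len, size_t *pos) {
    size_t n = (packed & 0x80) ? (size_t)3 << ((packed & 7) + 1) : 0;
    if (n > len - *pos) return GIF_MALFORMED;
    *pos += n;
    return GIF_OK;
}

/* Walk the container; refuse any image descriptor with Width or Height 0. */
int gif_precheck(const uint8_t *b, size_t len) {
    size_t pos = 13; /* 6-byte signature + 7-byte logical screen descriptor */
    if (len < pos || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6)) ||
        skip_color_table(b[10], len, &pos)) return GIF_MALFORMED;
    while (pos < len) {
        uint8_t tag = b[pos++];
        if (tag == 0x3B) return GIF_OK;                  /* trailer */
        if (tag != 0x21 && tag != 0x2C) return GIF_MALFORMED;
        if (tag == 0x2C) {                               /* image descriptor */
            if (len - pos < 9) return GIF_MALFORMED;
            if (!(b[pos + 4] | b[pos + 5]) || !(b[pos + 6] | b[pos + 7]))
                return GIF_ZERO_DIMENSION;               /* 16-bit LE fields */
            pos += 9;
            if (skip_color_table(b[pos - 1], len, &pos)) return GIF_MALFORMED;
        }
        /* one byte (extension label or LZW code size), then sub-blocks */
        if (pos++ >= len || skip_sub_blocks(b, len, &pos)) return GIF_MALFORMED;
    }
    return GIF_MALFORMED; /* ran out of data before the trailer */
}

/* Constructed samples: a 1x1 GIF, and the same bytes with Height = 0. */
const uint8_t sample_ok[] = {'G','I','F','8','9','a', 1,0,1,0,0,0,0,
    0x2C, 0,0,0,0, 1,0,1,0, 0, 2, 2,0x4C,0x01, 0, 0x3B};
const uint8_t sample_zero_h[] = {'G','I','F','8','9','a', 1,0,1,0,0,0,0,
    0x2C, 0,0,0,0, 1,0,0,0, 0, 2, 2,0x4C,0x01, 0, 0x3B};
```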