Opened 5 years ago

Closed 5 years ago

#11664 closed enhancement (fixed)

giflib-5.1.5 (CVE-2018-11490)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (3)

comment:1 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 5 years ago

Priority: normal → high
Summary: giflib-5.1.5 → giflib-5.1.5 (CVE-2018-11490)
Version 5.1.6

Build Fixes

Fix library installation in the Makefile.

Version 5.1.5

Code Fixes

* Fix SF bug #114: Null dereferences in main() of gifclrmp

* Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine()
  in cgif.c.  This had been assigned CVE-2018-11490.

* Fix SF bug #111: segmentation fault in PrintCodeBlock

* Fix SF bug #109: Segmentation fault of giftool reading a crafted file

* Fix SF bug #107: Floating point exception in giftext utility

* Fix SF bug: #105 heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317

* Fix SF bug #104: Ineffective bounds check in DGifSlurp

* Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment

* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).

Build Fixes

The horrible old autoconf build system has been removed with extreme prejudice. 
You now build this simply by running "make" from the top-level directory.

Marking as high for the CVE defined, although almost all of these are security changes.

"horrible old autoconf system" replaced by just a standard makefile? Ouch!

comment:3 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r21143

This one was a bit complex.
