Opened 3 years ago

Closed 3 years ago

#11664 closed enhancement (fixed)

giflib-5.1.5 (CVE-2018-11490)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago

Priority: normalhigh
Summary: giflib-5.1.5giflib-5.1.5 (CVE-2018-11490)
Version 5.1.6
=============

Build Fixes
-----------

Fix library installation in the Makefile.

Version 5.1.5
=============

Code Fixes
----------

* Fix SF bug #114: Null dereferences in main() of gifclrmp

* Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine()
  in cgif.c.  This had been assigned CVE-2018-11490.

# Fix SF bug #111: segmentation fault in PrintCodeBlock

* Fix SF bug #109: Segmentation fault of giftool reading a crafted file

* Fix SF bug #107: Floating point exception in giftext utility

* Fix SF bug: #105 heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317

* Fix SF bug #104: Ineffective bounds check in DGifSlurp

^ Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment

* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).

Build Fixes
-----------

The horrible old autoconf build system has been removed with extreme prejudice. 
You now build this simply by running "make" from the top-level directory.

Marking as high for the CVE defined, although almost all of these are security changes.

"horrible old autoconf system" replaced by just a standard makefile? Ouch!

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21143

This one was a bit complex.

Note: See TracTickets for help on using tickets.