Advisories for Conan/Giflib package

2023

Out-of-bounds Write

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

2022

Missing Release of Memory after Effective Lifetime

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

Out-of-bounds Write

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

2021

Out-of-bounds Read

An issue was discovered in giflib DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.