CVE-2020-10809: Out-of-bounds Write

March 22, 2020 (updated April 30, 2020)

A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

References

nvd.nist.gov/vuln/detail/CVE-2020-10809

Detect and mitigate CVE-2020-10809 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →