PT-2019-3240 · Giflib+3

Published: 2019-02-09 · Updated: 2024-06-15 · CVE-2019-15133

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GIFLIB versions prior to 2019-02-16

Description

The issue is a division-by-zero error in the DGifSlurp function of the GIFLIB library, which handles GIF files. It can be triggered by a malformed GIF file in which the height field of the ImageSize data structure is equal to zero. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations

For GIFLIB versions prior to 2019-02-16, update to a version released after 2019-02-16 to resolve the issue. As a temporary workaround, consider restricting the use of the DGifSlurp function in dgif_lib.c until a patch is available. Avoid using the library to process untrusted or malformed GIF files until the issue is resolved.
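
As an added example (not GIFLIB code and not part of the original advisory), the pre-screen below walks a GIF's block structure and reports image descriptors with a zero height or width, so such files can be rejected before they reach DGifSlurp on an unpatched build. It assumes the "ImageSize" height in the description corresponds to the height field of the GIF image descriptor; the function names and the sample file are constructed for illustration, and the zero-width check goes beyond what the advisory states.

```python
import struct

def skip_sub_blocks(data, pos):
    """Return the offset just past a chain of data sub-blocks (0x00 terminated)."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def zero_dimension_frames(data):
    """Return (frame_index, width, height) for image descriptors with a zero dimension."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF stream")
    pos = 13
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    flagged, frame = [], 0
    while pos < len(data):
        kind = data[pos]
        if kind == 0x3B:                      # trailer: end of stream
            return flagged
        if kind == 0x21:                      # extension: introducer, label, sub-blocks
            pos = skip_sub_blocks(data, pos + 2)
        elif kind == 0x2C:                    # image descriptor
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            _, _, width, height, packed = struct.unpack_from("<4HB", data, pos + 1)
            if width == 0 or height == 0:
                flagged.append((frame, width, height))
            pos += 10
            if packed & 0x80:                 # local colour table present
                pos += 3 * (2 << (packed & 0x07))
            pos = skip_sub_blocks(data, pos + 1)   # +1 skips the LZW minimum code size
            frame += 1
        else:
            raise ValueError(f"unexpected block 0x{kind:02x} at offset {pos}")
    raise ValueError("missing trailer")

def sample_gif(height):
    """Constructed 1-pixel-wide GIF whose single image descriptor has the given height."""
    screen = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
    image = b"\x2c" + struct.pack("<4HB", 0, 0, 1, height, 0)
    return screen + image + b"\x02\x02\x44\x01\x00" + b"\x3b"
```

A caller should reject the file both when the returned list is non-empty and when `ValueError` is raised, since a stream that cannot be walked is malformed as well.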

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2019-03230
CVE-2019-15133
DLA-3223-1
MGASA-2019-0252
OPENSUSE-SU-2022_1565-1
OPENSUSE-SU-2024:13723-1
SUSE-SU-2022:1565-1
SUSE-SU-2022_1565-1
SUSE-SU-2023:1970-2
USN-4107-1

Affected Products

Astra Linux
Giflib
Suse
Ubuntu