PT-2023-30713 · Giflib+6 · Giflib+6

Norbert

·

Publicado

2023-11-22

·

Atualizado

2025-08-13

·

CVE-2023-48161

CVSS v3.1

7.1

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions GifLib version 5.2.1
Description The issue is related to a buffer overflow in the GifLib project, which allows a local attacker to obtain sensitive information. This is achieved via the DumpSCreen2RGB function in gif2rgb.c.
Recommendations For GifLib version 5.2.1, consider disabling the DumpSCreen2RGB function in gif2rgb.c as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALSA-2024:8117
ALSA-2024:8121
ALSA-2024:8124
ALSA-2024:8127
ALSA-2024_8117
ALSA-2024_8121
ALSA-2024_8124
ALSA-2024_8127
AZL-32035
AZL-34729
CESA-2024_8117
CESA-2024_8121
CESA-2024_8124
CESA-2024_8127
CVE-2023-48161
ECHO-52D7-5DFD-8B70
ELSA-2024-12825
ELSA-2024-8116
ELSA-2024-8117
ELSA-2024-8120
ELSA-2024-8121
ELSA-2024-8124
ELSA-2024-8127
INFSA-2024_8117
INFSA-2024_8121
INFSA-2024_8124
INFSA-2024_8127
MGASA-2024-0364
OESA-2024-1757
OPENSUSE-SU-2024:13723-1
OPENSUSE-SU-2024_0786-1
RHSA-2024:8116
RHSA-2024:8117
RHSA-2024:8120
RHSA-2024:8121
RHSA-2024:8124
RHSA-2024:8127
RHSA-2024_8117
RHSA-2024_8121
RHSA-2024_8124
RHSA-2024_8127
RLSA-2024:8117
RLSA-2024:8121
RLSA-2024:8124
RLSA-2024:8127
RLSA-2024_8117
RLSA-2024_8121
RLSA-2024_8124
RLSA-2024_8127
ROSA-SA-2025-2557
SUSE-SU-2024:0786-1
SUSE-SU-2024_0786-1

Produtos afetados

Almalinux
Centos
Debian
Giflib
Red Hat
Rocky Linux
Suse