Ashish Patil

**Name of the Vulnerable Software and Affected Versions** GIFLIB version 5.1.4 **Description** The issue is related to a memory leak in the gif2rgb converter of the GIFLIB library, which can be exploited by remote attackers using specially crafted GIF files. This can lead to a denial of service due to an out-of-memory exception. **Recommendations** For GIFLIB version 5.1.4, consider updating to a newer version that addresses the memory leak issue in the gif2rgb converter. As a temporary workaround, restrict the use of the gif2rgb converter until a patch is available. Avoid processing untrusted GIF files with the affected library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libfetch versions prior to 2021-07-26 **Description** The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol to parse numbers into address bytes without checking for premature line endings. This results in the for-loop condition checking for the '0' terminator one byte too late. **Recommendations** For libfetch versions prior to 2021-07-26, consider updating to a version released after 2021-07-26 to resolve the issue. As a temporary workaround, consider restricting the use of FTP passive mode until a patch is available.