Eric S. Raymond

**Name of the Vulnerable Software and Affected Versions** giflib version 5.1.2 **Description** The issue is related to a heap-based buffer overflow in the util/gif2rgb.c file of the gif2rgb component in giflib. This can be exploited by remote attackers to cause a denial of service, specifically an application crash, by manipulating the background color index in a GIF file. **Recommendations** For giflib version 5.1.2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** gpsd versions prior to 3.9 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence. This sentence lacks certain fields and a terminator. **Recommendations** For versions prior to 3.9, update to version 3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the NMEA0183 driver to minimize the risk of exploitation.