PT-2005-1063 · Red Hat · Red Hat
Chris Evans · Published 2005-11-03 · Updated 2018-10-19 · CVE-2005-3350
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libungif library versions prior to 4.1.0
giflib version 4.1.3
libungif-progs versions 4.1.0 and 4.1.3
libungif-devel versions 4.1.0 and 4.1.3
giflib-devel version 4.1.3
giflib-utils version 4.1.3
Description
The issue concerns multiple vulnerabilities in the libungif library and related packages in Red Hat Enterprise Linux that can compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely: a crafted GIF file leads to an out-of-bounds write, which allows attackers to corrupt memory and possibly execute arbitrary code.
Recommendations
For libungif library versions prior to 4.1.0, update to version 4.1.0 or later.
For giflib version 4.1.3, consider disabling the use of GIF files until a patch is available.
For libungif-progs versions 4.1.0 and 4.1.3, restrict access to the vulnerable packages to minimize the risk of exploitation.
For libungif-devel versions 4.1.0 and 4.1.3, avoid using the vulnerable development libraries until the issue is resolved.
For giflib-devel version 4.1.3, consider disabling the development library until a patch is available.
For giflib-utils version 4.1.3, restrict access to the vulnerable utilities to minimize the risk of exploitation.
Affected Products
Red Hat