PT-2021-8050 · Giflib+5

Ashish Patil · Published 2021-09-02 · Updated 2025-08-13 · CVE-2021-40633

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GIFLIB version 5.1.4

Description

The issue is related to a memory leak in the gif2rgb converter of the GIFLIB library, which can be exploited by remote attackers using specially crafted GIF files. This can lead to a denial of service due to an out-of-memory exception.

Recommendations

For GIFLIB version 5.1.4, consider updating to a newer version that addresses the memory leak issue in the gif2rgb converter. As a temporary workaround, restrict the use of the gif2rgb converter until a patch is available. Avoid processing untrusted GIF files with the affected library to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Leak


Weakness Enumeration

Related Identifiers

AZL-41515
BDU:2024-05192
CVE-2021-40633
ECHO-1988-DB30-DF19
OESA-2024-1595
OESA-2024-1599
OESA-2024-1602
OESA-2024-1664
OESA-2024-1665
OESA-2024-1666
OPENSUSE-SU-2024:13723-1
OPENSUSE-SU-2024_0786-1
SUSE-SU-2024:0786-1
SUSE-SU-2024:1622-1
USN-6824-1

Affected Products

Debian
Giflib
Linuxmint
Red Os
Suse
Ubuntu