PT-2023-29303 · Gifsicle +2

Song Jiaxuan +1

Published 2023-10-09 · Updated 2025-11-04

CVE-2023-44821

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Gifsicle versions 1.92 through 1.94

Description: The issue might allow a denial of service through memory consumption if Gifsicle is deployed in a way that lets untrusted input affect Gif_Realloc calls. However, this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation and has no realistic use case in which an adversary controls the entire command line. A buffer overflow via the --crop command-line parameter could also lead to a denial of service.

Recommendations: For Gifsicle versions 1.92 through 1.94, consider restricting use of the --crop command-line parameter to minimize the risk of exploitation. As a temporary workaround, avoid using Gifsicle in scenarios where untrusted input could affect Gif_Realloc calls until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

ALT-PU-2024-11513
ALT-PU-2024-6946
ALT-PU-2024-6948
ALT-PU-2025-1450
CVE-2023-44821

Affected Products

Alt Linux
Debian
Gifsicle