| Summary: | <media-gfx/gifsicle-1.94: floating point exception DoS | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | minor | CC: | ajak, hanno, maintainer-needed |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/kohler/gifsicle/issues/196 | ||
| Whiteboard: | B3 [glsa? cleanup] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 923912 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2023-11-24 21:38:36 UTC
CVE-2023-36193 (https://github.com/kohler/gifsicle/issues/191): Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. This one's fixed in 1.94: https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df23eb8615a940966c296847601bcb91d3bb8435 commit df23eb8615a940966c296847601bcb91d3bb8435 Author: Hanno Böck <hanno@gentoo.org> AuthorDate: 2024-02-04 13:32:13 +0000 Commit: Hanno Böck <hanno@gentoo.org> CommitDate: 2024-02-04 13:40:36 +0000 media-gfx/gifsicle: Version bump and security fix CVE-2023-36193 is fixed in 1.94. CVE-2023-46009 fixed by patch from upstream repo (not released yet). Bug: https://bugs.gentoo.org/918436 Signed-off-by: Hanno Böck <hanno@gentoo.org> media-gfx/gifsicle/Manifest | 1 + .../files/gifsicle-1.94-CVE-2023-46009.patch | 94 ++++++++++++++++++++++ media-gfx/gifsicle/gifsicle-1.94.ebuild | 33 ++++++++ 3 files changed, 128 insertions(+) |