CVE-2023-46009: gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. Patches available, seemingly no release yet: https://github.com/kohler/gifsicle/commit/76b1f021dd185ceff7b4a71a9f96a6026aca06af https://github.com/kohler/gifsicle/commit/06d533628b1f3a75d06cbb29773dc6aaa2916fc3
CVE-2023-36193 (https://github.com/kohler/gifsicle/issues/191): Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. This one's fixed in 1.94: https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df23eb8615a940966c296847601bcb91d3bb8435 commit df23eb8615a940966c296847601bcb91d3bb8435 Author: Hanno Böck <hanno@gentoo.org> AuthorDate: 2024-02-04 13:32:13 +0000 Commit: Hanno Böck <hanno@gentoo.org> CommitDate: 2024-02-04 13:40:36 +0000 media-gfx/gifsicle: Version bump and security fix CVE-2023-36193 is fixed in 1.94. CVE-2023-46009 fixed by patch from upstream repo (not released yet). Bug: https://bugs.gentoo.org/918436 Signed-off-by: Hanno Böck <hanno@gentoo.org> media-gfx/gifsicle/Manifest | 1 + .../files/gifsicle-1.94-CVE-2023-46009.patch | 94 ++++++++++++++++++++++ media-gfx/gifsicle/gifsicle-1.94.ebuild | 33 ++++++++ 3 files changed, 128 insertions(+)
