Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 953355 (CVE-2025-31344) - media-libs/giflib buffer overflow
Summary: media-libs/giflib buffer overflow
Status: IN_PROGRESS
Alias: CVE-2025-31344
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2025/q2/21
Whiteboard:
Keywords: PATCH
Depends on:
Blocks: CVE-2023-48161
  Show dependency tree
 
Reported: 2025-04-07 15:21 UTC by Sebastian Pipping
Modified: 2025-04-08 16:30 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Pipping gentoo-dev 2025-04-07 15:21:15 UTC 
It's not clear to me yet if there already is a patch.
The link into the oss-security archive hopefully has an answer soon.
Comment 1 Sebastian Pipping gentoo-dev 2025-04-07 21:24:32 UTC 
Bernhard Rosenkraenzer (https://github.com/berolinux) has shared a candidate patch (https://github.com/OpenMandrivaAssociation/giflib/blob/master/giflib-5.2.2-cve-2025-31344.patch) a moment ago and (while I do not have a reproducer GIF file to test it with) and the patch looks good to me:
my vote for application in Gentoo.