Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi,
I received two report bugs that may allow a denial-of-service attack.
Maybe one has already been fixed. #116 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878736
But this one is new I guess. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739
Regards, Herbert
The text was updated successfully, but these errors were encountered:
gif_read: Set last_name = NULL unconditionally.
118a460
With a non-malicious GIF, last_name is set to NULL when a name extension is followed by an image. Reported in #117, via Debian, via a KAIST fuzzing program.
Thanks for this report, which is fixed!
Sorry, something went wrong.
For your information, the second bug (double free bug in gifdiff) was assigned CVE-2017-18120. Thank you for the fix!
No branches or pull requests
Hi,
I received two report bugs that may allow a denial-of-service attack.
Maybe one has already been fixed. #116
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878736
But this one is new I guess.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739
Regards,
Herbert
The text was updated successfully, but these errors were encountered: