New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two FPE bugs unique in gifsicle-1.94 #196
Comments
Thank you for reporting them! |
Will there be a new release soon with these fixes? Thanks. |
This is CVE-2023-46009: gifsicle: floating point exception vulnerability via resize_stream at src/xform.c |
Again, a release with this fix would be very much appreciated. Thanks. |
I've released 1.95 with this fix. |
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We found 2 FPE bugs in gifsicle-1.94. Initially, we thought #193 would be applicable. However, upon discovering that the same reproduction steps didn't work in gifsicle-1.93, we believe this issue might be different.
Reproduction
Build gifsicle-1.94 with ASAN, then run
We ran it on a 64-bit Ubuntu 18.04.
ASAN Report
The text was updated successfully, but these errors were encountered: