Source: giflib
Version: 5.2.2-1
Severity: normal
Tags: security patch

Dear Maintainer,

I'm submitting a patch for a heap-buffer-overflow in the giflib package.

Vulnerability details:
- Description: The fix for CVE-2022-28506 fixed the DumpScreen2RGB if(OneFileFlag=true) case, but did not fix the else case. You can view the details of this issue: https://gitee.com/src-openeuler/giflib/issues/IBCFC4.
- Affected versions: All versions
- Fixed patch in: https://gitee.com/src-openeuler/giflib/commit/2c10c1abf8ff2e88b1da04e050bb721487b73fa3

The patch has been tested on Debian sid and works correctly. If you think it necessary, please help me upload it to upstream.

Best regards,
Bo Liu

Description: In CVE-2022-28506 has fixed the DumpScreen2RGB if(OneFileFlag=true) case, but has not fixed the else case . This patch adds the else, refer to https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/ . Author: Bo Liu <liub...@kylinos.cn> Last-Update: 2025-04-18 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- giflib-5.2.2.orig/gif2rgb.c +++ giflib-5.2.2/gif2rgb.c @@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileNam GifRow = ScreenBuffer[i]; GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); for (j = 0; j < ScreenWidth; j++) { + /* Check if color is within color palete */ + if (GifRow[j] >= ColorMap->ColorCount) { + GIF_EXIT(GifErrorString( + D_GIF_ERR_IMAGE_DEFECT)); + } ColorMapEntry = &ColorMap->Colors[GifRow[j]]; Buffers[0][j] = ColorMapEntry->Red; Buffers[1][j] = ColorMapEntry->Green;
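
Review bot: the new check inside the `for (j = 0; j < ScreenWidth; j++)` loop is a second copy of the test that, per the patch description, the CVE-2022-28506 fix already placed in the OneFileFlag branch, so the palette bound is now enforced separately in each branch. Consider validating `GifRow[j] < ColorMap->ColorCount` in one place that both branches pass through before `&ColorMap->Colors[GifRow[j]]` is taken (a small static helper would do), so that a later output path cannot index `Colors` unchecked. The description should also say which input reaches this branch (a pixel value at or above `ColorCount` when OneFileFlag is not set), since the header currently only points at external links. Minor: the comment spells "palette" as "palete".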