CVE-2023-39742 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
giflib_project	giflib	5.2.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

giflib

bookworm	unimportant
bullseye	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

giflib

bionic	Fixed 5.1.4-2ubuntu0.1+esm1 released
focal	Fixed 5.1.9-1ubuntu0.1 released
jammy	not-affected
lunar	ignored
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	Fixed 5.1.4-0.3~16.04.1+esm1 released

openSUSE / SLES Releases

openSUSE Product

Release

giflib-progs

suse enterprise sap 12 SP5	5.0.5-13.6.1 fixed
suse enterprise server 12 SP3	5.0.6-13.12.1 fixed
suse enterprise server 12 SP5	5.0.5-13.6.1 fixed

libgif6

suse enterprise sap 12 SP5	5.0.5-13.6.1 fixed
suse enterprise server 12 SP3	5.0.6-13.12.1 fixed
suse enterprise server 12 SP5	5.0.5-13.6.1 fixed

libgif6-32bit

suse enterprise sap 12 SP5	5.0.5-13.6.1 fixed
suse enterprise server 12 SP3	5.0.6-13.12.1 fixed
suse enterprise server 12 SP5	5.0.5-13.6.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU/

https://sourceforge.net/p/giflib/bugs/166/

https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4RLSFGPBPR3FMIUJCWPGVIYIU35YGQX/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPNBOB65TEA4ZEPLVENI26BY4LEX7TEF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5WO6WL2TCGO6T4VKGACDIVSZI74WJAU/

https://sourceforge.net/p/giflib/bugs/166/