Bug 1583399 (CVE-2018-11489)

Summary: CVE-2018-11489 giflib: heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c
Product: [Other] Security Response
Reporter: Laura Pardo <lpardo>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: apevec, chrisw, jaromir.capik, jjoyce, jschluet, kbasil, lhh, lpeer, manisandro, markmc, mburns, rbryant, sclewis, slinaber, tdecacqu, vgaikwad
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2018-08-02 09:52:46 UTC
Bug Depends On: 1583402, 1583403
Bug Blocks: 1583408

Description Laura Pardo 2018-05-28 22:18:57 UTC
A flaw was found in the DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4. The function has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.


References:
https://github.com/pts/sam2p/issues/37
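
The description above attributes the overflow to an LZW code used as an array index without validation. As an added illustration (not giflib or sam2p code; the struct and function names are hypothetical), this simplified string-table model shows the checks a decoder needs before indexing its prefix and suffix tables with a code taken from the file:

```c
#include <stddef.h>
#include <stdint.h>

#define LZ_MAX_CODE 4095              /* GIF LZW codes are at most 12 bits */

/* Simplified model of a GIF LZW string table (hypothetical names). */
struct lzw_table {
    uint16_t prefix[LZ_MAX_CODE + 1];
    uint8_t  suffix[LZ_MAX_CODE + 1];
    int clear_code;                   /* clear_code + 1 is the EOF code */
    int next_code;                    /* first code not yet defined */
};

void lzw_init(struct lzw_table *t, int min_code_size)
{
    t->clear_code = 1 << min_code_size;
    t->next_code = t->clear_code + 2; /* skip the clear and EOF codes */
}

/* Define the next code; returns its value, or -1 if the table is full
 * or the prefix does not name an existing entry. */
int lzw_add(struct lzw_table *t, int prefix, uint8_t suffix)
{
    if (t->next_code > LZ_MAX_CODE || prefix < 0 || prefix >= t->next_code)
        return -1;
    t->prefix[t->next_code] = (uint16_t)prefix;
    t->suffix[t->next_code] = suffix;
    return t->next_code++;
}

/* Expand `code` into out[] in reverse order (decoder stack order).
 * Returns the byte count, or -1 for a code that must not be used as an index. */
int lzw_expand(const struct lzw_table *t, int code, uint8_t *out, size_t cap)
{
    size_t n = 0;
    /* A code read from the file must refer to an entry already defined. */
    if (code < 0 || code > LZ_MAX_CODE || code >= t->next_code)
        return -1;
    while (code >= t->clear_code + 2) {
        if (n >= cap) return -1;      /* output stack full */
        out[n++] = t->suffix[code];
        int p = t->prefix[code];
        if (p >= code) return -1;     /* prefix must be older: no cycles */
        code = p;
    }
    if (code >= t->clear_code) return -1;  /* chain ended on a control code */
    if (n >= cap) return -1;
    out[n++] = (uint8_t)code;         /* the root literal */
    return (int)n;
}
```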

Comment 1 Laura Pardo 2018-05-28 22:19:45 UTC
Created giflib tracking bugs for this issue:

Affects: fedora-all [bug 1583403]

Comment 3 James Hebden 2018-06-05 05:35:55 UTC
phantomjs used in RHOSP7-optools bundles version 4.0 of giflib, which does not contain the vulnerable DGifDecompressLine function.

Comment 4 Sandro Mani 2018-06-15 20:56:28 UTC
Upstream ticket: https://sourceforge.net/p/giflib/bugs/112/

Comment 5 Stefan Cornelius 2018-08-02 09:53:00 UTC
Statement:

This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 5, 6, and 7.