Bug 1583400 (CVE-2018-11490)

Summary: CVE-2018-11490 giflib: heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified CC: apevec, chrisw, jaromir.capik, jjoyce, jschluet, kbasil, lhh, lpeer, manisandro, markmc, mburns, rbryant, sclewis, slinaber, tdecacqu, vgaikwad
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-02 09:52:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1583404, 1583405    
Bug Blocks: 1583408    

Description Laura Pardo 2018-05-28 22:18:57 UTC
A flaw was found in the DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4. It has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
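
The class of bug described above, modelled as an added example that is not part of the original report and is not giflib or sam2p source: a table write at slot `running_code - 2` that validates the index first. The struct, function names and canary are constructed for illustration, and the table size assumes 12-bit GIF LZW codes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified, constructed model of an LZW decoder's code tables. */
#define LZ_MAX_CODE  4095   /* 12-bit codes: slots 0..4095 */
#define NO_SUCH_CODE 4098   /* sentinel outside the valid code range */

typedef struct {
    int      running_code;             /* table slot used is running_code - 2 */
    uint8_t  suffix[LZ_MAX_CODE + 1];
    uint16_t prefix[LZ_MAX_CODE + 1];
    uint8_t  canary[8];                /* stands in for adjacent heap data */
} lzw_state;

void lzw_init(lzw_state *s, int first_free_code) {
    memset(s, 0, sizeof *s);
    for (int i = 0; i <= LZ_MAX_CODE; i++) s->prefix[i] = NO_SUCH_CODE;
    memset(s->canary, 0xA5, sizeof s->canary);
    s->running_code = first_free_code + 2;
}

/* Store one entry at slot running_code - 2. Returns 0 on success, -1 when
 * the slot or prefix is out of range, so a corrupt stream is rejected
 * instead of writing past the tables. */
int lzw_add_entry(lzw_state *s, int last_code, uint8_t first_char) {
    int slot = s->running_code - 2;
    if (slot < 0 || slot > LZ_MAX_CODE) return -1;
    if (last_code < 0 || last_code > LZ_MAX_CODE) return -1;
    s->prefix[slot] = (uint16_t)last_code;
    s->suffix[slot] = first_char;
    s->running_code++;
    return 0;
}

/* Add entries until one is rejected; returns how many were stored. */
int lzw_fill(lzw_state *s) {
    int stored = 0;
    while (lzw_add_entry(s, 0, 'A') == 0) stored++;
    return stored;
}

int canary_intact(const lzw_state *s) {
    for (size_t i = 0; i < sizeof s->canary; i++)
        if (s->canary[i] != 0xA5) return 0;
    return 1;
}

int main(void) {
    static lzw_state s;
    lzw_init(&s, 258);   /* constructed input: first free code of an 8-bit GIF */
    printf("stored=%d intact=%d\n", lzw_fill(&s), canary_intact(&s));
    return 0;
}
```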


Comment 1 Laura Pardo 2018-05-28 22:19:47 UTC
Created giflib tracking bugs for this issue:

Affects: fedora-all [bug 1583404]

Comment 3 James Hebden 2018-06-05 05:36:07 UTC
phantomjs used in RHOSP7-optools bundles version 4.0 of giflib, which does not contain the vulnerable DGifDecompressLine function.

Comment 4 Sandro Mani 2018-06-15 20:57:18 UTC
Upstream ticket: https://sourceforge.net/p/giflib/bugs/113/

Comment 5 Stefan Cornelius 2018-08-02 09:53:02 UTC

This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 5, 6, and 7.