Bug 171417
| Summary: | CVE-2005-2974 Several libungif issues (CVE-2005-3350) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
| Component: | libungif | Assignee: | Matthias Clasen <mclasen> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | CC: | security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=important,source=vendorsec,public=20051103,reported=20051021 | ||
| Fixed In Version: | libungif-4.1.3-3.fc4.2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-11-08 13:39:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Josh Bressers
2005-10-21 16:16:38 UTC
This issue should also affect FC3 bad1.gif triggers a NULL dereference crash CVE-2005-2974 libungif NULL pointer deref bad2 and bad3 trigger out of bounds memory access crashes. bad2 may possibly allow for arbitrary code execution as it's an OOB write. CVE-2005-3350 libungif OOB access Lifting embargo From User-Agent: XML-RPC libungif-4.1.3-1.fc3.2 has been pushed for FC3, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report. From User-Agent: XML-RPC libungif-4.1.3-3.fc4.2 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report. |