Common Vulnerabilities and Exposures assigned the identifier CVE-2005-2974 to the following vulnerability: libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
References:
http://scary.beasts.org/security/CESA-2005-007.txt
http://sourceforge.net/project/shownotes.php?release_id=364493
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413
Created attachment 338678: Chris Evans' PoC - bad1.gif
Source: http://scary.beasts.org/security/CESA-2005-007.txt
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2009:0444 https://rhn.redhat.com/errata/RHSA-2009-0444.html
giflib-4.1.3-10.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/giflib-4.1.3-10.fc9
giflib-4.1.3-10.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
giflib-4.1.6-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.