UbuntuUpdates.org

Package "giflib"

Name: giflib

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library for GIF images (development)
  • library for GIF images (library)
Latest version: 5.1.4-2ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "giflib" in Bionic

Repository Area Version
base main 5.1.4-2
base universe 5.1.4-2
security main 5.1.4-2ubuntu0.1
security universe 5.1.4-2ubuntu0.1
updates universe 5.1.4-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.1.4-2ubuntu0.1 2019-08-20 17:07:17 UTC

  giflib (5.1.4-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-3977.patch: fix SF
      in heap buff overflow in lib/dgif_lig.c,
      util/gif2rgb.c.
    - CVE-2016-3977
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-11490.patch: adding checks
      in DGifDecompressLine in order to avoid a heap buffer overflow and
      a denial of service in lib/dgif_lib.c.
    - CVE-2018-11490
  * SECURITY UPDATE: Divide-by-zero
    - debian/patches/CVE-2019-15133.patch: adding checks bounds
      in lib/dgif_lib.c.
    - CVE-2019-15133

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 19 Aug 2019 15:35:19 -0300
CVE-2016-3977 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via
CVE-2018-11490 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer
CVE-2019-15133 In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height f


About   -   Send Feedback to @ubuntu_updates