SUSE-SU-2024:0786-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0786-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2024:0786-1

Related

Published

2024-03-06T20:07:22Z

Modified

2024-03-06T20:07:22Z

Summary

Security update for giflib

Details

This update for giflib fixes the following issues:

Update to version 5.2.2

Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
#138 Documentation for obsolete utilities still installed
#139: Typo in 'LZW image data' page ('1102 = 410')
#140: Typo in 'LZW image data' page ('LWZ')
#141: Typo in 'Bits and bytes' page ('filed')
Note as already fixed SF issue #143: cannot compile under mingw
#144: giflib-5.2.1 cannot be build on windows and other platforms using c89
#145: Remove manual pages installation for binaries that are not installed too
#146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
#147 [PATCH] Fixes to doc/whatsinagif/ content
#148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
Declared Won't-fix on SF issue 149: Out of source builds no longer possible
#151: A heap-buffer-overflow in gif2rgb.c:294:45
#152: Fix some typos on the html documentation and man pages
#153: Fix segmentation faults due to non correct checking for args
#154: Recover the giffilter manual page
#155: Add gifsponge docs
#157: An OutofMemory-Exception or Memory Leak in gif2rgb
#158: There is a null pointer problem in gif2rgb
#159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
#163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
#164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
#166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
#167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP5 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP4-LTSS / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Manager Proxy 4.3 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Manager%20Proxy%204.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Manager Server 4.3 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Manager%20Server%204.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libgif7": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1"
        }
    ]
}

openSUSE:Leap 15.5 / giflib

Package

Name: giflib
Purl: purl:rpm/suse/giflib&distro=openSUSE%20Leap%2015.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2-150000.4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "giflib-progs": "5.2.2-150000.4.13.1",
            "libgif7": "5.2.2-150000.4.13.1",
            "libgif7-32bit": "5.2.2-150000.4.13.1",
            "giflib-devel": "5.2.2-150000.4.13.1",
            "giflib-devel-32bit": "5.2.2-150000.4.13.1"
        }
    ]
}