Bug 1094829 (CVE-2018-11489) - VUL-1: CVE-2018-11489: giflib: The DGifDecompressLine function in dgif_lib.c has a heap-based buffer overflow because CrntCode array index is not checked
Status: RESOLVED FIXED
Alias: CVE-2018-11489
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/206548/
Whiteboard: CVSSv3:SUSE:CVE-2018-11489:4.0:(AV:L/...
Reported: 2018-05-28 08:24 UTC by Johannes Segitz
Modified: 2024-05-09 11:57 UTC
Found By: Security Response Team


Description Johannes Segitz 2018-05-28 08:24:48 UTC
CVE-2018-11489

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version
3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer
overflow because a certain CrntCode array index is not checked. This will lead
to a denial of service or possibly unspecified other impact.

Details: https://github.com/pts/sam2p/issues/37

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11489
https://github.com/pts/sam2p/issues/37
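
An added illustration, not code from giflib, sam2p or this bug report: a simplified model of a GIF LZW dictionary in which a code read from the file is range-checked before it indexes the prefix and suffix tables, the kind of check the CVE text says was missing for CrntCode. The names lzw_table, lzw_init, lzw_add and lzw_expand are hypothetical, and the case of a code equal to the next undefined entry is left to the caller.

```c
#include <stddef.h>

#define LZ_MAX_CODE 4095   /* largest code a 12-bit GIF LZW stream can hold */

/* Simplified model of the decoder's dictionary (assumed layout). */
typedef struct {
    int clear_code;                     /* clear_code + 1 is the EOF code */
    int running_code;                   /* next code that will be defined */
    int prefix[LZ_MAX_CODE + 1];
    unsigned char suffix[LZ_MAX_CODE + 1];
} lzw_table;

/* bits_per_pixel is assumed to be in the range 1..8. */
void lzw_init(lzw_table *t, int bits_per_pixel)
{
    t->clear_code = 1 << bits_per_pixel;
    t->running_code = t->clear_code + 2;
}

/* Define the next entry; reject a full table or an undefined/control prefix. */
int lzw_add(lzw_table *t, int prefix, unsigned char suffix)
{
    if (t->running_code > LZ_MAX_CODE) return -1;
    if (prefix < 0 || prefix >= t->running_code) return -1;
    if (prefix == t->clear_code || prefix == t->clear_code + 1) return -1;
    t->prefix[t->running_code] = prefix;
    t->suffix[t->running_code] = suffix;
    t->running_code++;
    return 0;
}

/* Expand crnt_code into out[]; returns byte count, or -1 for a bad code. */
int lzw_expand(const lzw_table *t, int crnt_code, unsigned char *out, size_t cap)
{
    unsigned char stack[LZ_MAX_CODE + 1];
    size_t sp = 0;

    /* Validate the file-supplied code before any table access. */
    if (crnt_code < 0 || crnt_code >= t->running_code) return -1;
    while (crnt_code >= t->clear_code) {              /* not yet a literal */
        if (crnt_code < t->clear_code + 2) return -1; /* clear or EOF code */
        if (sp + 1 >= sizeof stack) return -1;        /* keep room for root */
        stack[sp++] = t->suffix[crnt_code];
        crnt_code = t->prefix[crnt_code];
    }
    stack[sp++] = (unsigned char)crnt_code;           /* literal root pixel */
    if (sp > cap) return -1;
    for (size_t i = 0; i < sp; i++) out[i] = stack[sp - 1 - i];
    return (int)sp;
}
```
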
Comment 2 Fridrich Strba 2024-03-05 09:52:43 UTC
I upgraded giflib and the submission is going through QA processes.
Comment 3 Fridrich Strba 2024-03-25 14:23:17 UTC
Hello, I am reassigning to security. Please advise whether backporting to SLE12 and SLE11 warrants the rather considerable amount of work.
Comment 4 Camila Camargo de Matos 2024-05-09 11:37:59 UTC
From my understanding, it seems like this issue had already been fixed by upstream giflib before the issue was reported in sam2p. See [0] for more information (and the patch that looks to fix the issue).

That being said, SLE12 already contains the code presented in this patch, meaning that SLE12 is likely already fixed for this issue.

[0] https://github.com/pts/sam2p/issues/37#issuecomment-409870800