Bugzilla – Bug 1198880
VUL-1: CVE-2022-28506: giflib: Heap Buffer overflow in function DumpScreen2RGB()
Last modified: 2024-07-26 08:30:02 UTC
rh#2078745 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. https://sourceforge.net/p/giflib/bugs/159/ https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc References: https://bugzilla.redhat.com/show_bug.cgi?id=2078745 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28506 https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc https://sourceforge.net/p/giflib/bugs/159/
Affected: - openSUSE:Factory/giflib 5.2.1 Not affected: - SUSE:SLE-11:Update/giflib 4.1.6 - SUSE:SLE-12:Update/giflib 5.0.5 - SUSE:SLE-15:Update/giflib 5.1.4
Created attachment 858432 [details] QA Reproducer 1. Compile with ASAN: add "-fsanitize=address" to the CFLAGS in the Makefile 2. make 3. ./gif2rgb giflib_poc
There is no upstream fix yet.
*** Bug 1217390 has been marked as a duplicate of this bug. ***
Upstream fix: https://sourceforge.net/p/giflib/code/ci/368f28c0034ecfb6dd4b3412af4cc589a56e0611/
SUSE-SU-2024:0786-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1198880, 1200551, 1217390 CVE References: CVE-2021-40633, CVE-2022-28506, CVE-2023-48161 Sources used: openSUSE Leap 15.5 (src): giflib-5.2.2-150000.4.13.1 Basesystem Module 15-SP5 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): giflib-5.2.2-150000.4.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): giflib-5.2.2-150000.4.13.1 SUSE Manager Proxy 4.3 (src): giflib-5.2.2-150000.4.13.1 SUSE Manager Retail Branch Server 4.3 (src): giflib-5.2.2-150000.4.13.1 SUSE Manager Server 4.3 (src): giflib-5.2.2-150000.4.13.1 SUSE Enterprise Storage 7.1 (src): giflib-5.2.2-150000.4.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
The fix has been released. Reassigning to security.
All done, closing.
SUSE-SU-2024:2607-1: An update that solves two vulnerabilities can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242607-1 Category: security (important) Bug References: 1198880, 1214678 CVE References: CVE-2022-28506, CVE-2023-39742 Maintenance Incident: [SUSE:Maintenance:34873](https://smelt.suse.de/incident/34873/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): giflib-5.0.5-13.6.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): giflib-5.0.5-13.6.1 SUSE Linux Enterprise Server 12 SP5 (src): giflib-5.0.5-13.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): giflib-5.0.5-13.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.