| Bug ID | 1079102 |
|---|---|
| Summary | VUL-0: CVE-2017-18120: gifsicle: double-free bug in the read_gif function in gifread.c |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/199369/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | manfred99@gmx.ch |
| Reporter | abergmann@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2017-18120 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18120 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18120 https://github.com/kohler/gifsicle/issues/117 https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909