• Bug#1103499: [SECURITY] [PATCH] heap-buffer-overflow in giflib

    From Salvatore Bonaccorso@21:1/5 to liubo on Fri Apr 18 09:50:01 2025
    Control: forcemerge 1102520 1103499

    Hi,

    On Fri, Apr 18, 2025 at 03:13:41PM +0800, liubo wrote:
    Source: giflib
    Version: 5.2.2-1
    Severity: normal
    Tags: security patch


    Dear Maintainer,

    I'm submitting a patch for heap-buffer-overflow in the giflib package.

    Vulnerability details:
    - Description: CVE-2022-28506 fixed the DumpScreen2RGB if(OneFileFlag=true) case, but did not fix the else case.
    You can view the details on this issue: https://gitee.com/src-openeuler/giflib/issues/IBCFC4.
    - Affected versions: All versions
    - Fixed patch in: https://gitee.com/src-openeuler/giflib/commit/2c10c1abf8ff2e88b1da04e050bb721487b73fa3

    The patch has been tested on Debian sid and works correctly.

    If you think it necessary, please help me upload it to upstream.

    This is already reported as #1102520.

    Regards,
    Salvatore
