CVE-2016-3977
NONE EPSS 79.6%
Published Apr 21, 2016 · Last Modified Jun 17, 2026
Description
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
Threat Intelligence
EPSS Exploit Probability
79.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| opensuse | opensuse | 13.2 | any |
| giflib_project | giflib | * | ≤5.1.2 |
References 9
- bugs.fi http://bugs.fi/fuzzing/index.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-04/msg00079.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-04/msg00084.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-05/msg00019.html
- securityfocus.com http://www.securityfocus.com/bid/88103
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1325771
- sourceforge.net https://sourceforge.net/p/giflib/bugs/87/
- sourceforge.net https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
- usn.ubuntu.com https://usn.ubuntu.com/4107-1/
Remediation
- sourceforge.net https://sourceforge.net/p/giflib/bugs/87/
- sourceforge.net https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/