denial-of-service attack #117

Closed
hpfn opened this issue Oct 16, 2017 · 2 comments

hpfn commented Oct 16, 2017

Hi,

I received two bug reports that may allow a denial-of-service attack.

Maybe one has already been fixed. #116
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878736

But this one is new I guess.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739

Regards,
Herbert

kohler added a commit that referenced this issue Dec 3, 2017
With a non-malicious GIF, last_name is set to NULL when a name
extension is followed by an image. Reported in #117, via
Debian, via a KAIST fuzzing program.

kohler commented Dec 3, 2017

Thanks for this report, which is fixed!

kohler closed this as completed Dec 3, 2017

jchoi2022 commented

For your information, the second bug (double free bug in gifdiff) was assigned CVE-2017-18120. Thank you for the fix!
