CVE-2017-18120

Published: Feb 2, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

Affected (1)

Products: Lcdf: Gifsicle

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lcdf Gifsicle	Version 1.90

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/kohler/gifsicle/issues/117

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/kohler/gifsicle/issues/117

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.