oss-sec mailing list archives
Re: CVE Request : Use-after-free in gifcolor
From: cve-assign () mitre org
Date: Wed, 16 Mar 2016 12:45:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Two possible consecutives calls to EGifCloseFile at line 122 and 124, with the same first parameter (GifFile) could lead to two calls to free
this is also a use-after-free
A fix could be simply to remove the second call to EGifCloseFile.
Use CVE-2016-3177. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW6Y0hAAoJEL54rhJi8gl5ghwP/joKr1pUl7IDb/5LAWOMQxeQ h00wAoH0AkMb/hI3GXTdbALXzVGSZ8OT6BKQerR9raYTZeUyWi65+xmPdS3yXDQW q+y1hsksxX3ugU3drcBNnlTxXqHKVIYRUwyqXYclVbMmd8hwqNBqc6dvpwiqGnEb CALN799cMf2wjBFajkN6BWxdj0uULjtdCE6FfwVBkwusaEQrFaQj8qa07VjpyPQy cqfnx0w3fraDm9bZ0h7vZtPKT6l8+GOp9ZuEOFacPz7wROyftNalSra9wRmaqEcr A7TU6xqu1+FUcwN4mK9IDQvWQup3bxZ7xg9Vu2ckQ0dLJjyrmLBccFcajicGV0wN twblpPYjUss53bjgUBNfSLZFvZcEQTuzlyPiXXPxkO35fypS5pZ7bGkkW1JXo37v HjYyvwO2kSBg5dXxmMqW4fXdzND/nSPTl9q7PKwL6hb7GpXudaPFAETPuQPpx6RK EnXpQkeYIn15lGgjJrYhOywMZajNT0yO597w3jQ0B+z/wkrVp3Nr6k854mApM/cc rech7Ff6XGvPTDUARhwV+gR8izkEOsumd397mQMPMdiHDBwEU2i0+kkBqAaWX0/O duoNOSJjdrIQYTHh4MXFgynFDU+PocFCv07UcFHAmhns48d5LdOahPQxm9PRLB/H buvp1GGX8I2tnLoTbdfX =qHvQ -----END PGP SIGNATURE-----
Current thread:
- CVE Request : Use-after-free in gifcolor FEIST Josselin (Mar 16)
- Re: CVE Request : Use-after-free in gifcolor cve-assign (Mar 16)