oss-sec mailing list archives

Re: Heapoverflow in giflib5.1.4


From: Solar Designer <solar () openwall com>
Date: Tue, 13 Sep 2016 18:50:06 +0200

On Tue, Sep 13, 2016 at 11:20:08PM +0800, vul @ 724safe wrote:
With Address Sanitizer there is a heap overflow in giflib 5.1.4
More details are available at:
https://sourceforge.net/p/giflib/bugs/102/

When posting to oss-security, please include the actual detail right in
your posting (up to 200 KB including MIME overhead, but of course try to
keep it smaller than that if at all practical) - not only via external
links.  I've attached the content of the above link now.  Luckily, this
one PoC GIF file is tiny:

$ base64 poc
R0lGODdhKP9/AADZACwAHQAAKAAAAPngp5Lb5QAD4wAAAgAAOwAd

Ideally, you would also investigate and patch issues found by ASan,
rather than merely include its output, but I realize we can't actually
expect anything specific from volunteers.  So whatever we've got.

Thanks,

Alexander

Attachment: giflib-102-Heap_overflow_in_gif2rgb.c.txt

Attachment: poc