GLSA-200511-03 : giflib: Multiple vulnerabilities

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200511-03
(giflib: Multiple vulnerabilities)

Chris Evans and Daniel Eisenbud independently discovered two
out-of-bounds memory write operations and a NULL pointer dereference in

Impact :

An attacker could craft a malicious GIF image and entice users to
load it using an application making use of the giflib library,
resulting in an application crash or potentially the execution of
arbitrary code.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All giflib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/giflib-4.1.4'

Risk factor :

High / CVSS Base Score : 7.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 20153 (gentoo_GLSA-200511-03.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2974