GLSA-200511-03 : giflib: Multiple vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200511-03
(giflib: Multiple vulnerabilities)

Chris Evans and Daniel Eisenbud independently discovered two
out-of-bounds memory write operations and a NULL pointer dereference in
giflib.

Impact :

An attacker could craft a malicious GIF image and entice users to
load it using an application making use of the giflib library,
resulting in an application crash or potentially the execution of
arbitrary code.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml

Solution :

All giflib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/giflib-4.1.4'

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 20153 (gentoo_GLSA-200511-03.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2974
CVE-2005-3350