A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2998 advisory.

    A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger     an out of memory exception or denial of service via a gif format file. (CVE-2021-40633)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger     an out of memory exception or denial of service via a gif format file. (CVE-2021-40633)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6824-1 advisory.

    It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this     issue to cause a denial of service. (CVE-2021-40633, CVE-2022-28506, CVE-2023-39742)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1622-1 advisory.

  - The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in     cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain Private->RunningCode - 2     array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
    (CVE-2018-11490)

  - A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger     an out of memory exception or denial of service via a gif format file. (CVE-2021-40633)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the giflib packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger     an out of memory exception or denial of service via a gif format file. (CVE-2021-40633)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0786-1 advisory.

  - A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger     an out of memory exception or denial of service via a gif format file. (CVE-2021-40633)

  - There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
    (CVE-2022-28506)

  - Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive     information via the DumpSCreen2RGB function in gif2rgb.c (CVE-2023-48161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
265073	Amazon Linux 2 : giflib, --advisory ALAS2-2025-2998 (ALAS-2025-2998)	Nessus	Amazon Linux Local Security Checks	high
224203	Linux Distros Unpatched Vulnerability : CVE-2021-40633	Nessus	Misc.	high
200257	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : GIFLIB vulnerabilities (USN-6824-1)	Nessus	Ubuntu Local Security Checks	high
196941	SUSE SLES12 Security Update : giflib (SUSE-SU-2024:1622-1)	Nessus	SuSE Local Security Checks	high
193017	EulerOS 2.0 SP9 : giflib (EulerOS-SA-2024-1485)	Nessus	Huawei Local Security Checks	high
193015	EulerOS 2.0 SP9 : giflib (EulerOS-SA-2024-1506)	Nessus	Huawei Local Security Checks	high
191698	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : giflib (SUSE-SU-2024:0786-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2021-40633

high

Tenable Plugins

high

high

high

high

high

high

high