GLSA-200511-03 : giflib: Multiple vulnerabilities

High Nessus Plugin ID 20153


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200511-03 (giflib: Multiple vulnerabilities)

Chris Evans and Daniel Eisenbud independently discovered two out-of-bounds memory write operations and a NULL pointer dereference in giflib.
Impact :

An attacker could craft a malicious GIF image and entice users to load it using an application making use of the giflib library, resulting in an application crash or potentially the execution of arbitrary code.
Workaround :

There is no known workaround at this time.


All giflib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/giflib-4.1.4'

See Also

Plugin Details

Severity: High

ID: 20153

File Name: gentoo_GLSA-200511-03.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2005/11/07

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:giflib, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2005/11/04

Vulnerability Publication Date: 2005/11/04

Reference Information

CVE: CVE-2005-2974, CVE-2005-3350

OSVDB: 20470, 20471

GLSA: 200511-03