Mandrake Linux Security Advisory : libungif (MDKSA-2005:207)

High Nessus Plugin ID 20441


The remote Mandrake Linux host is missing one or more security updates.


Several bugs have been discovered in the way libungif decodes GIF images. These allow an attacker to create a carefully crafted GIF image file in such a way that it could cause applications linked with libungif to crash or execute arbitrary code when the file is opened by the user.

The updated packages have been patched to address this issue.


Update the affected packages.

Plugin Details

Severity: High

ID: 20441

File Name: mandrake_MDKSA-2005-207.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2006/01/15

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64ungif4, p-cpe:/a:mandriva:linux:lib64ungif4-devel, p-cpe:/a:mandriva:linux:lib64ungif4-static-devel, p-cpe:/a:mandriva:linux:libungif-progs, p-cpe:/a:mandriva:linux:libungif4, p-cpe:/a:mandriva:linux:libungif4-devel, p-cpe:/a:mandriva:linux:libungif4-static-devel, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/11/09

Reference Information

CVE: CVE-2005-2974, CVE-2005-3350

MDKSA: 2005:207