TITLE:
libungif GIF File Handling Two Vulnerabilities

SECUNIA ADVISORY ID:
SA17436

VERIFY ADVISORY:
http://secunia.com/advisories/17436/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
>From remote

SOFTWARE:
Libungif 4.x
http://secunia.com/product/6050/

DESCRIPTION:
Chris Evans has reported two vulnerabilities in libungif, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.

1) A NULL pointer dereferencing error can be exploited to crash an
application that uses libungif via a specially crafted ".gif" file.

2) A boundary error can be exploited to cause out-of-bounds memory
access, potentially allowing arbitrary code execution in an
application that uses libungif via a specially crafted ".gif" file.

The vulnerabilities exist in "gifalloc.c", "dgif_lib.c" and
"egif_lib.c".

The vulnerabilities have been reported in version 4.1.3. Prior
versions may also be affected.

Note: All applications that use libungif are potentially affected by
these vulnerabilities.

SOLUTION:
Update to version 4.1.4.
http://sourceforge.net/project/showfiles.php?group_id=102202&package_id=109698

PROVIDED AND/OR DISCOVERED BY:
Chris Evans

ORIGINAL ADVISORY:
Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------