TITLE: libungif GIF File Handling Two Vulnerabilities SECUNIA ADVISORY ID: SA17436 VERIFY ADVISORY: http://secunia.com/advisories/17436/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Libungif 4.x http://secunia.com/product/6050/ DESCRIPTION: Chris Evans has reported two vulnerabilities in libungif, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) A NULL pointer dereferencing error can be exploited to crash an application that uses libungif via a specially crafted ".gif" file. 2) A boundary error can be exploited to cause out-of-bounds memory access, potentially allowing arbitrary code execution in an application that uses libungif via a specially crafted ".gif" file. The vulnerabilities exist in "gifalloc.c", "dgif_lib.c" and "egif_lib.c". The vulnerabilities have been reported in version 4.1.3. Prior versions may also be affected. Note: All applications that use libungif are potentially affected by these vulnerabilities. SOLUTION: Update to version 4.1.4. http://sourceforge.net/project/showfiles.php?group_id=102202&package_id=109698 PROVIDED AND/OR DISCOVERED BY: Chris Evans ORIGINAL ADVISORY: Red Hat Bugzilla: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------