{"affected":[{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP5","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"giflib","purl":"pkg:rpm/suse/giflib&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"giflib-devel":"5.2.2-150000.4.13.1","giflib-devel-32bit":"5.2.2-150000.4.13.1","giflib-progs":"5.2.2-150000.4.13.1","libgif7":"5.2.2-150000.4.13.1","libgif7-32bit":"5.2.2-150000.4.13.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"giflib","purl":"pkg:rpm/opensuse/giflib&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.2-150000.4.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for giflib fixes the following issues:\n\nUpdate to version 5.2.2\n\n* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)\n* #138 Documentation for obsolete utilities still installed\n* #139: Typo in 'LZW image data' page ('110_2 = 4_10')\n* #140: Typo in 'LZW image data' page ('LWZ')\n* #141: Typo in 'Bits and bytes' page ('filed')\n* Note as already fixed SF issue #143: cannot compile under mingw\n* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89\n* #145: Remove manual pages installation for binaries that are not installed too\n* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7\n* #147 [PATCH] Fixes to doc/whatsinagif/ content\n* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB\n* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1\n* Declared Won't-fix on SF issue 149: Out of source builds no longer possible\n* #151: A heap-buffer-overflow in gif2rgb.c:294:45\n* #152: Fix some typos on the html documentation and man pages\n* #153: Fix segmentation faults due to non correct checking for args\n* #154: Recover the giffilter manual page\n* #155: Add gifsponge docs\n* #157: An OutofMemory-Exception or Memory Leak in gif2rgb\n* #158: There is a null pointer problem in gif2rgb\n* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45\n* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c\n* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c\n* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c\n* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c\n","id":"SUSE-SU-2024:0786-1","modified":"2024-03-06T20:07:22Z","published":"2024-03-06T20:07:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240786-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198880"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200551"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217390"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-40633"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28506"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-48161"}],"related":["CVE-2021-40633","CVE-2022-28506","CVE-2023-48161"],"summary":"Security update for giflib","upstream":["CVE-2021-40633","CVE-2022-28506","CVE-2023-48161"]}