>> libungif GIF File Decoding Memory Corruption and Denial of Service
Title : libungif GIF File Decoding Memory Corruption and Denial of Service VUPEN ID : VUPEN/ADV-2005-2295 CVE ID : CVE-2005-2974 - CVE-2005-3350
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-11-04
Technical Description
Two vulnerabilities were identified in libungif, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service.
The first issue is due to a NULL pointer dereference in "gifalloc.c" when processing specially crafted GIF files, which could be exploited by attackers to cause an application linked with libungif to crash when a malformed GIF file is opened.
The second issue is due to a memory corruption error in "dgif_lib.c" and "egif_lib.c" when processing malformed GIF files, which could be exploited by attackers to cause an application linked with libungif to crash or execute arbitrary code when a malicious GIF file is opened.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
