- Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
0.49.4, has a heap-based buffer overflow because a certain
"Private->RunningCode - 2" array index is not checked. This will lead
to a denial of service or possibly unspecified other impact.
- Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
triggers a divide-by-zero exception in the decoder function DGifSlurp
in dgif_lib.c if the height field of the ImageSize data structure is
equal to zero.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d7926d7cb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1639bb364d