On Monday, April 07, 2025 15:15 CEST, 李亚杰 <liya...@openeuler.sh> wrote:
> Affected Versions: > - giflib 5.2.2 and below > > Description: > In the function DumpScreen2RGB of the giflib software, an attempt is made to > access the color map through ColorMapEntry. > The size of ColorMap is 6 bytes (from 0x602000000030 to 0x602000000036). > However, when accessing > ColorMap->Colors[GifRow[j]], the value of GifRow[j] exceeds the actual number > of colors stored. Thanks for the disclosure. Since there doesn't seem to be a proposed patch yet, here's mine: https://github.com/OpenMandrivaAssociation/giflib/blob/master/giflib-5.2.2-cve-2025-31344.patch ttyl bero
