CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.

Malicious Gifs can lead to remote code execution and information leak. This vulnerability can be exploited by an attacker when a user opens a crafted Gif file. Depending on the vulnerability exploited and the environment of the victim, this issue can lead to remote code execution. This issue was resolved by updating the vulnerable function.

Gifdec commit 3b4a4cc4f6c4f13de4a6c5e9e5c5f5d5d5c5b5 was discovered to have a stack buffer overflow in the function parse_gif_data. This vulnerability is triggered when parsing a crafted Gif file.

CVE-2023-43360

A stack buffer overflow was discovered in the function parse_gif_data when parsing a crafted Gif file.
This issue is triggered when an attacker sends a specially crafted GIF to an application that supports GIF decoders. This vulnerability can lead to remote code execution and information leak by exploiting the use of application data for storing string data.

Vulnerability described

CVE-2022-43359 is a vulnerability where malicious Gifs can lead to remote code execution and information leak. This vulnerability can be exploited by an attacker when a user opens a crafted Gif file. Depending on the vulnerability exploited and the environment of the victim, this issue can lead to remote code execution. This issue was resolved by updating the vulnerable function.

Timeline

Published on: 11/07/2022 23:15:00 UTC
Last modified on: 11/08/2022 21:05:00 UTC

References

• https://github.com/lecram/gifdec/pull/23
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43359