Medium severity 5.5 · NVD Advisory · Published Apr 21, 2016 · Updated Jun 17, 2026
CVE-2016-3977
Description
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
Affected products
- cpe:2.3:a:giflib_project:giflib:*:*:*:*:*:*:*:* (range: <=5.1.2)
- (no CPE) (range: =5.1.2)
- osv-coords (23 versions):
  - pkg:rpm/opensuse/giflib&distro=openSUSE%20Leap%2015.3 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/opensuse/giflib&distro=openSUSE%20Leap%2015.4 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/opensuse/giflib&distro=openSUSE%20Tumbleweed (range: < 5.1.4-1.12)
  - pkg:rpm/suse/giflib&distro=SUSE%20Enterprise%20Storage%207 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (range: < 4.1.6-21.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2012 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (range: < 4.1.6-21.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (range: < 5.2.1-150000.4.8.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (range: < 4.1.6-21.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (range: < 5.0.5-12.1)
  - pkg:rpm/suse/giflib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 (range: < 5.0.5-12.1)
References
- sourceforge.net/p/giflib/bugs/87/ (nvd; Patch)
- sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/ (nvd; Patch, Vendor Advisory)
- bugs.fi/fuzzing/index.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-04/msg00079.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-04/msg00084.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-05/msg00019.html (nvd)
- www.securityfocus.com/bid/88103 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- usn.ubuntu.com/4107-1/ (nvd)