CVE-2023-39114
Description
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A segmentation violation in ngiflib commit 84a75 via SDL_LoadAnimatedGif causes denial of service when processing a crafted GIF.
Vulnerability
A segmentation violation exists in ngiflib at commit 84a75. The bug resides in the function SDL_LoadAnimatedGif in ngiflibSDL.c at line 179:3. When the program SDLaffgif processes a specially crafted GIF file, the crash is triggered. The affected version is commit 84a750338394bbd2f8ff15811e2098bd9634180a [1].
Exploitation
An attacker needs to supply a malicious GIF file to the SDLaffgif utility. No authentication or special privileges are required; the victim only needs to run the program with the crafted input. The provided reproducer clones the repository, compiles with clang address sanitizer, and runs ./SDLaffgif ./poc4 [1].
Impact
On successful exploitation, the program crashes due to a segmentation fault (SEGV on unknown address). The AddressSanitizer report indicates a READ memory access at an invalid address (0x000000000044), leading to a denial of service (DoS) for the affected application [1].
Mitigation
As of the publication date (2023-08-02), no fix has been released in the public commit history. The vendor was notified via the GitHub issue tracker, but no patch commit was found in the upstream repository at the time of analysis [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ngiflib/ngiflib
  - Range: = commit 84a75
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing null-pointer or bounds validation on a surface pointer before calling SDL_LockSurface in SDL_LoadAnimatedGif allows a crafted GIF to cause a segmentation violation."
Attack vector
An attacker supplies a crafted GIF file (the PoC is named `poc4`) to the `SDLaffgif` program [1]. When `SDLaffgif` loads and renders the malicious GIF via `SDL_LoadAnimatedGif`, the function reaches `ngiflibSDL.c:179` and calls `SDL_LockSurface` with an invalid surface pointer, causing a segmentation violation (read access to address 0x44) [1]. No authentication or special network access is required; the attacker only needs to deliver the malformed file to the victim.
Affected code
The crash occurs in `SDL_LoadAnimatedGif` at `ngiflibSDL.c:179:3` [1]. The backtrace shows the segfault originates from a call to `SDL_LockSurface` at that line, triggered when the program `SDLaffgif` processes a malformed GIF file [1].
What the fix does
The advisory does not include a patch or fix commit [1]. The issue report notes that the crash is a denial-of-service caused by a missing null-pointer or bounds check before the `SDL_LockSurface` call at `ngiflibSDL.c:179` [1]. A proper fix would validate the surface pointer or the GIF frame data before dereferencing it, preventing the SEGV.
Preconditions
- Input: Victim must run the SDLaffgif program with the attacker-controlled GIF file as input
- Input: The GIF file must be crafted to trigger the invalid memory access in SDL_LoadAnimatedGif
Reproduction
1. Clone the repository at commit `84a750338394bbd2f8ff15811e2098bd9634180a` and build with `CC="clang -fsanitize=address -g" make` [1].
2. Download the PoC file `poc4` from https://github.com/GGb0ndQAQ/POC/blob/main/ngiflib/poc4 [1].
3. Run `./SDLaffgif ./poc4`; the program will crash with a SEGV at `SDL_LoadAnimatedGif` in `ngiflibSDL.c:179` [1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.