Giflib
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3177 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2017 | Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | ||
| CVE-2018-11490 | Hig | 0.57 | 8.8 | 0.02 | May 26, 2018 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or… | ||
| CVE-2018-11489 | Hig | 0.57 | 8.8 | 0.03 | May 26, 2018 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified… | ||
| CVE-2025-31344 | Hig | 0.47 | 7.3 | 0.00 | Apr 14, 2025 | Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2. | ||
| CVE-2016-3977 | Med | 0.36 | 5.5 | 0.02 | Apr 21, 2016 | Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. | ||
| CVE-2015-7555 | Med | 0.36 | 5.5 | 0.01 | Apr 13, 2016 | Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. | ||
| CVE-2026-23868 | Med | 0.33 | 5.1 | 0.00 | Mar 10, 2026 | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. | ||
| CVE-2026-26740 | 0.00 | — | 0.00 | Mar 18, 2026 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size. | |||
| CVE-2024-45993 | 0.00 | — | 0.00 | Sep 30, 2024 | Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. | |||
| CVE-2023-48161 | 0.00 | — | 0.00 | Nov 22, 2023 | Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c | |||
| CVE-2023-39742 | 0.00 | — | 0.00 | Aug 25, 2023 | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | |||
| CVE-2021-40633 | 0.00 | — | 0.02 | Jun 14, 2022 | A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file. | |||
| CVE-2022-28506 | 0.00 | — | 0.01 | Apr 25, 2022 | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | |||
| CVE-2020-23922 | 0.00 | — | 0.02 | Apr 21, 2021 | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |||
| CVE-2019-15133 | 0.00 | — | 0.02 | Aug 17, 2019 | In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. |
- risk 0.64cvss 9.8epss 0.02
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
- risk 0.57cvss 8.8epss 0.02
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or…
- risk 0.57cvss 8.8epss 0.03
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified…
- risk 0.47cvss 7.3epss 0.00
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.
- risk 0.36cvss 5.5epss 0.02
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
- risk 0.36cvss 5.5epss 0.01
Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.
- risk 0.33cvss 5.1epss 0.00
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
- CVE-2026-26740Mar 18, 2026risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
- CVE-2024-45993Sep 30, 2024risk 0.00cvss —epss 0.00
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
- CVE-2023-48161Nov 22, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
- CVE-2023-39742Aug 25, 2023risk 0.00cvss —epss 0.00
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
- CVE-2021-40633Jun 14, 2022risk 0.00cvss —epss 0.02
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.
- CVE-2022-28506Apr 25, 2022risk 0.00cvss —epss 0.01
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
- CVE-2020-23922Apr 21, 2021risk 0.00cvss —epss 0.02
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.
- CVE-2019-15133Aug 17, 2019risk 0.00cvss —epss 0.02
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.