Vulnerabilities > CVE-2005-3350 - Unspecified vulnerability in Libungif 4.1.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
libungif
nessus

Summary

libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.

Vulnerable Configurations

Part Description Count
Application
Libungif
2

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090422_GIFLIB_ON_SL5_X.NASL
    descriptionSeveral flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) All running applications using giflib must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60574
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60574
    titleScientific Linux Security Update : giflib on SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-828.NASL
    descriptionUpdated libungif packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libungif package contains a shared library of functions for loading and saving GIF format image files. Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-2974 and CVE-2005-3350 to these issues. All users of libungif are advised to upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20145
    published2005-11-04
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20145
    titleRHEL 2.1 / 3 / 4 : libungif (RHSA-2005:828)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200511-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200511-03 (giflib: Multiple vulnerabilities) Chris Evans and Daniel Eisenbud independently discovered two out-of-bounds memory write operations and a NULL pointer dereference in giflib. Impact : An attacker could craft a malicious GIF image and entice users to load it using an application making use of the giflib library, resulting in an application crash or potentially the execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id20153
    published2005-11-07
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20153
    titleGLSA-200511-03 : giflib: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0444.NASL
    descriptionUpdated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) All users of giflib are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications using giflib must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id43744
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43744
    titleCentOS 5 : giflib (CESA-2009:0444)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-4848.NASL
    description - Update to 4.1.6 containing several upstream fixes etc. - Solved multilib problems with documentation (#465208, #474538) - Removed static library from giflib-devel package (#225796 #c1) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39453
    published2009-06-19
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39453
    titleFedora 10 : giflib-4.1.6-2.fc10 (2009-4848)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-890.NASL
    descriptionChris Evans discovered several security related problems in libungif4, a shared library for GIF images. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2974 NULL pointer dereference, that could cause a denial of service. - CVE-2005-3350 Out of bounds memory access that could cause a denial of service or the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22756
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22756
    titleDebian DSA-890-1 : libungif4 - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0444.NASL
    descriptionFrom Red Hat Security Advisory 2009:0444 : Updated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) All users of giflib are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications using giflib must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67849
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67849
    titleOracle Linux 5 : giflib (ELSA-2009-0444)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5118.NASL
    description - CVE-2005-2974: NULL pointer dereference crash (#494826) - CVE-2005-3350: Memory corruption via a crafted GIF (#494823) - Solved multilib problems with documentation (#465208, #474538) - Removed static library from giflib-devel package (#225796 #c1) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38812
    published2009-05-19
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38812
    titleFedora 9 : giflib-4.1.3-10.fc9 (2009-5118)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-214-1.NASL
    descriptionChris Evans discovered several buffer overflows in the libungif library. By tricking an user (or automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20632
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20632
    titleUbuntu 4.10 / 5.04 / 5.10 : libungif4 vulnerabilities (USN-214-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-207.NASL
    descriptionSeveral bugs have been discovered in the way libungif decodes GIF images. These allow an attacker to create a carefully crafted GIF image file in such a way that it could cause applications linked with libungif to crash or execute arbitrary code when the file is opened by the user. The updated packages have been patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20441
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20441
    titleMandrake Linux Security Advisory : libungif (MDKSA-2005:207)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_10556.NASL
    descriptionThis update fixes the following security issues : - specially crafted GIF files could crash applications. (CVE-2005-2974) - specially crafted GIF files could overwrite memory which potentially allowed to execute arbitrary code. (CVE-2005-3350)
    last seen2020-06-01
    modified2020-06-02
    plugin id41083
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41083
    titleSuSE9 Security Update : libungif (YOU Patch Number 10556)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-828.NASL
    descriptionUpdated libungif packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libungif package contains a shared library of functions for loading and saving GIF format image files. Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-2974 and CVE-2005-3350 to these issues. All users of libungif are advised to upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21869
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21869
    titleCentOS 3 / 4 : libungif (CESA-2005:828)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0444.NASL
    descriptionUpdated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) All users of giflib are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications using giflib must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id37605
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37605
    titleRHEL 5 : giflib (RHSA-2009:0444)

Oval

accepted2013-04-29T04:18:45.468-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionlibungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
familyunix
idoval:org.mitre.oval:def:9314
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlelibungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
version27

Redhat

advisories
  • bugzilla
    id494826
    titleCVE-2005-2974 giflib/libunfig: NULL pointer dereference crash
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentgiflib is earlier than 0:4.1.3-7.1.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20090444001
          • commentgiflib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090444002
        • AND
          • commentgiflib-utils is earlier than 0:4.1.3-7.1.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20090444003
          • commentgiflib-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090444004
        • AND
          • commentgiflib-devel is earlier than 0:4.1.3-7.1.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20090444005
          • commentgiflib-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090444006
    rhsa
    idRHSA-2009:0444
    released2009-04-22
    severityImportant
    titleRHSA-2009:0444: giflib security update (Important)
  • rhsa
    idRHSA-2005:828
rpms
  • libungif-0:4.1.0-15.el3.3
  • libungif-0:4.1.3-1.el4.2
  • libungif-debuginfo-0:4.1.0-15.el3.3
  • libungif-debuginfo-0:4.1.3-1.el4.2
  • libungif-devel-0:4.1.0-15.el3.3
  • libungif-devel-0:4.1.3-1.el4.2
  • libungif-progs-0:4.1.3-1.el4.2
  • giflib-0:4.1.3-7.1.el5_3.1
  • giflib-debuginfo-0:4.1.3-7.1.el5_3.1
  • giflib-devel-0:4.1.3-7.1.el5_3.1
  • giflib-utils-0:4.1.3-7.1.el5_3.1