Vulnerability CVE-2023-36193: Information

Description

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-36193

Published: June 23, 2023

Modified: Oct. 24, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
gifsicle	sisyphus	1.95-alt1	1.95-alt2	ALT-PU-2024-6946-1	345590	Fixed
gifsicle	sisyphus_e2k	1.95-alt2	1.95-alt2	ALT-PU-2024-7008-1	-	Fixed
gifsicle	sisyphus_riscv64	1.95-alt2	1.95-alt2	ALT-PU-2024-7000-1	-	Fixed
gifsicle	sisyphus_loongarch64	1.95-alt2	1.95-alt2	ALT-PU-2024-7042-1	-	Fixed
gifsicle	p10	1.95-alt2	1.95-alt2	ALT-PU-2024-6948-2	345592	Fixed
gifsicle	p10_e2k	1.95-alt2	1.95-alt2	ALT-PU-2024-7157-1	-	Fixed
gifsicle	p9	1.92-alt1	1.92-alt1	ALT-PU-2020-3169-2	260570	Fixed
gifsicle	c9f2	1.92-alt1	1.93-alt1	ALT-PU-2020-3169-2	260570	Fixed

Hyperlink	Resource
https://github.com/kohler/gifsicle/issues/191	Exploit Issue Tracking Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:lcdf:gifsicle:1.93:*:*:*:*:*:*:*

Version: v24.5.0