CVE-2020-23922

Published: 21/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

An issue exists in giflib up to and including 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

Vulnerable Product

giflib project giflib

apache bookkeeper 4.12.1

Vendor Advisories

Debian Bug report logs - #988151 CVE-2020-23922 Package: src:giflib; Maintainer for src:giflib is Debian QA Group <packages@qa.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 6 May 2021 17:45:05 UTC; Severity: important; Tags: security, upstream; Forwarded to sourceforge.net/p/gifli ...
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read ...
An issue was discovered in giflib. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read ...