Comments (2)
CVE-2023-44821 was assigned to this - a memory leak in a graphic CLI tool found by a cybersecurity student from China. This should be challenged.
Buffer Overflow vulnerability
No, a memory leak.
allows a remote attacker
No, this is not network bound.
to cause a denial of service via the --crop parameter in the command line parameters.
Your scenario of multiple crop parameters is nonsensical. There are easier ways to do damage if parameter injection is assumed.
from gifsicle.
Thanks for your correction. The description of the CVE is indeed partly wrong. I have resubmitted the description at https://cveform.mitre.org/.