ID CVE-2017-1000421
Summary Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
References
Vulnerable Configurations
  • cpe:2.3:a:lcdf:gifsicle:1.10:-:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.10:-:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.10:b1:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.10:b1:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.15:b:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.15:b:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.24:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.25:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.35:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.35:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.37:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.37:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.38:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.38:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.39:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.39:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.40:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.40:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.42:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.42:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.43:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.43:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.44:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.44:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.45:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.45:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.46:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.46:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.47:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.47:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.48:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.48:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.50:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.50:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.51:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.51:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.52:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.52:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.53:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.54:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.55:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.55:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.56:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.56:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.57:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.57:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.58:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.58:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.59:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.59:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.60:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.60:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.61:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.61:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.62:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.62:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.63:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.63:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.64:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.64:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.65:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.65:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.66:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.66:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.67:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.67:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.68:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.68:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.69:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.69:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.70:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.70:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.71:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.71:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.72:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.72:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.73:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.73:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.74:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.74:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.75:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.75:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.76:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.76:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.77:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.77:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.78:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.78:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.79:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.79:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.80:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.80:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.81:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.81:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.82:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.82:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.83:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.83:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.84:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.84:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.85:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.85:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.86:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.86:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.87:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.87:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.88:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.88:*:*:*:*:*:*:*
  • cpe:2.3:a:lcdf:gifsicle:1.89:*:*:*:*:*:*:*
    cpe:2.3:a:lcdf:gifsicle:1.89:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-10-2023 - 16:06)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://github.com/kohler/gifsicle/issues/114
debian DSA-4084
mlist [debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update
Last major update 24-10-2023 - 16:06
Published 02-01-2018 - 19:29
Last modified 24-10-2023 - 16:06
Back to Top