Source: cgif
Version: 0.5.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/dloebl/cgif/issues/110
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for cgif.

CVE-2026-4985[0]:
| A vulnerability was identified in dloebl CGIF up to 0.5.2. This
| vulnerability affects the function cgif_addframe of the file
| src/cgif.c of the component GIF Image Handler. The manipulation of
| the argument width/height leads to integer overflow. The attack may
| be initiated remotely. The identifier of the patch is
| b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install
| a patch to address this issue.

At the time of writing this bugreport the changes have not yet been
merged (so note the CVE description is not fully accurate (yet)).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-4985
    https://www.cve.org/CVERecord?id=CVE-2026-4985
[1] https://github.com/dloebl/cgif/issues/110
[2] https://github.com/dloebl/cgif/pull/112

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

