Hi,
On 2025/4/7 21:15, 李亚杰 wrote:
> Affected Versions:
> - giflib 5.2.2 and below
> Description:
> In the function DumpScreen2RGB of the giflib software, an attempt is made to access
> the color map through ColorMapEntry. The size of ColorMap is 6 bytes (from
> 0x602000000030 to 0x602000000036). However, when accessing
> ColorMap->Colors[GifRow[j]], the value of GifRow[j] exceeds the actual number of
> colors stored. The address pointed to by ColorMapEntry, 0x602000000039, goes beyond
> the allocated memory range for color data. As a result, accessing
> ColorMapEntry->Red leads to out-of-bounds access, causing a heap-buffer-overflow.
Thanks for the disclosure, but any pointer to potential fixes or maybe a
new release? I'm confused (because we distributions should now be
working to mitigate, as it is now disclosed)...
Best Regards,
Mingcong Bai
> Credits:
> JiaXuan Song(m202372...@hust.edu.cn)
> bale.cen(cenxianl...@huawei.com)
> Best Regards,
> Yajie Li
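
The indexing pattern described in the report, with the pixel index validated before the lookup, as an added example that is not part of this thread and is not giflib's code or an upstream patch. The types are minimal stand-ins, `row_to_rgb` and `bad_col` are hypothetical names, and the constructed sample (2-entry palette, pixel index 3) matches the report's 6-byte map and access at offset 9 under the assumption of 3-byte colour entries.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (assumption), so this builds without gif_lib.h. */
typedef unsigned char PixelIndex;
typedef struct { unsigned char Red, Green, Blue; } Color;
typedef struct { int ColorCount; const Color *Colors; } ColorMap;

/*
 * Convert one row of palette indices to packed RGB (3 bytes per pixel).
 * Returns 0 on success. Returns -1 if the map is unusable or a pixel index
 * is outside the colour map; it stops before reading Colors[] out of range
 * and stores the offending column in *bad_col (0 for an unusable map).
 */
int row_to_rgb(const ColorMap *map, const PixelIndex *row, size_t width,
               unsigned char *out, size_t *bad_col)
{
    if (bad_col)
        *bad_col = 0;
    if (map == NULL || map->Colors == NULL || map->ColorCount <= 0)
        return -1;
    for (size_t j = 0; j < width; j++) {
        /* The check missing from the pattern in the report:
         * Colors[row[j]] is only valid for row[j] < ColorCount. */
        if ((int)row[j] >= map->ColorCount) {
            if (bad_col)
                *bad_col = j;
            return -1;
        }
        const Color *entry = &map->Colors[row[j]];
        *out++ = entry->Red;
        *out++ = entry->Green;
        *out++ = entry->Blue;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 2 colours = 6 bytes; index 3 would sit at offset 9. */
    static const Color palette[2] = { {255, 0, 0}, {0, 0, 255} };
    const ColorMap map = { 2, palette };
    const PixelIndex row[3] = { 0, 1, 3 };
    unsigned char rgb[9];
    size_t col;
    if (row_to_rgb(&map, row, 3, rgb, &col) != 0)
        printf("rejected: pixel index out of range at column %zu\n", col);
    return 0;
}
```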