CVE-2023-44821

Name
CVE-2023-44821
Description
Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/kohler/gifsicle/issues/195 |
| MISC | https://github.com/kohler/gifsicle/issues/65 |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3I6Z7VAHUYX3Q4DULJ76NFD2CIFZJYH5/ |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WLTXJS6AIKPGVOAJ7EYC4HL3NEG6CGF/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:lcdf:gifsicle:*:*:*:*:*:*:*:* | gifsicle | >= None | <= 1.94 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| gifsicle | 3.18-community | 1.94-r0 | None | possibly vulnerable |
| gifsicle | 3.19-community | 1.94-r1 | Celeste <cielesti@protonmail.com> | possibly vulnerable |