Permalink
CVE-2025-31344
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
The giflib open-source component has a buffer overflow vulnerability
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.
References
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-S…
- https://gitee.com/src-openeuler/giflib/pulls/54
- http://www.openwall.com/lists/oss-security/2025/04/09/7
- http://www.openwall.com/lists/oss-security/2025/04/10/1
- http://www.openwall.com/lists/oss-security/2025/04/07/3
- http://www.openwall.com/lists/oss-security/2025/04/07/4
- http://www.openwall.com/lists/oss-security/2025/04/07/5
- http://www.openwall.com/lists/oss-security/2025/04/07/6
- http://www.openwall.com/lists/oss-security/2025/04/08/1
- http://www.openwall.com/lists/oss-security/2025/04/09/5
Affected products
giflib
- =<5.2.2