lcdf (Little Cambridgeport Design factory) Gifsicle 1.90

CPE Details

lcdf (Little Cambridgeport Design factory) Gifsicle 1.90
lcdf
gifsicle
1.90
2023-10-24
14h06 +00:00
2023-10-24
14h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lcdf:gifsicle:1.90:*:*:*:*:*:*:*

Informations

Vendor

lcdf

Product

gifsicle

Version

1.90

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44821 2023-10-08 22h00 +00:00 Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.
5.5
Medium
CVE-2017-18120 2018-02-02 08h00 +00:00 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.