{
  "threat_severity" : "Low",
  "public_date" : "2023-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "giflib: giflib: Denial of Service via getarg.c",
    "id" : "2235821",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2235821"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-120",
  "details" : [ "giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.", "A flaw was found in giflib. This vulnerability, located in the `getarg.c` component, can lead to a segmentation fault when processing specially crafted input. This issue can result in a Denial of Service (DoS), making the application unavailable." ],
  "statement" : "This vulnerability is a segmentation fault triggered when the argument-parsing code in `getarg.c`, used by giflib's command-line utilities, encounters unexpected input or malformed command-line arguments. The result is a local Denial of Service (DoS): the affected utility crashes during execution. Because the impact is limited to the local process and does not facilitate unauthorized access or persistent service disruption, the overall security risk is considered low.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "giflib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-39742\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-39742\nhttps://sourceforge.net/p/giflib/bugs/166/" ],
  "name" : "CVE-2023-39742",
  "csaw" : false
}