CVE-2023-39742: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

August 25, 2023 (updated November 7, 2023)

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

References

gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084
nvd.nist.gov/vuln/detail/CVE-2023-39742
sourceforge.net/p/giflib/bugs/166/

Code Behaviors & Features

Detect and mitigate CVE-2023-39742 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →