Description
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
References (3)
Core 3
Core References
Patch x_refsource_misc
https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
Scores
CVSS v3
8.8
EPSS
0.0099
EPSS Percentile
76.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
libvips/libvips
< 8.8.2
Published
Oct 13, 2019
Tracked Since
Feb 18, 2026