Lucene search
Jieyongma104D8C5D-CAC5-4BAA-9AC9-291EA0BCAB95HistoryApr 20, 2022 - 8:31 a.m.
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.
2022-04-2008:31:26
jieyongma
www.huntr.dev
9
0.001 Low
EPSS
Percentile
44.9%
Steps to reproduce the issue
git clone https://github.com/hpjansson/chafa.git
cd chafa
export CFLAGS=“-g -O0”
export CXXFLAGS=“-g -O0”
./autogen.sh
./configure --disable-shared
make
./tools/chafa/chafa ./poc.gif
gdb --args ./tools/chafa/chafa ./poc.gif
https://github.com/JieyongMa/poc/raw/main/gdb.jpg
Proof of Concept
Related
alpinelinux
alpinelinux
CVE-2022-1507
2022-04-27 17:15:00
openvas
openvas
Fedora: Security Advisory for chafa (FEDORA-2022-4bdf35a1b5)
2022-05-17 00:00:00
Fedora: Security Advisory for chafa (FEDORA-2022-0aab67e874)
2022-05-17 00:00:00
Fedora: Security Advisory for chafa (FEDORA-2022-e72698d659)
2022-05-17 00:00:00
cve
cve
CVE-2022-1507
2022-04-27 17:15:07
suse
suse
Security update for chafa (moderate)
2022-06-23 00:00:00
prion
prion
Null pointer dereference
2022-04-27 17:15:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2022-1507
2022-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: chafa-1.2.1-7.fc35
2022-05-16 02:07:30
[SECURITY] Fedora 34 Update: chafa-1.2.1-7.fc34
2022-05-16 01:45:27
[SECURITY] Fedora 36 Update: chafa-1.8.0-4.fc36
2022-05-16 01:09:48
veracode
veracode
Denial Of Service (DoS)
2022-05-02 07:23:44
osv
osv
CVE-2022-1507
2022-04-27 17:15:07
nvd
nvd
CVE-2022-1507
2022-04-27 17:15:07
debiancve
debiancve
CVE-2022-1507
2022-04-27 17:15:07
redhatcve
redhatcve
CVE-2022-1507
2022-05-20 22:40:47
nessus
nessus
openSUSE 15 Security Update : chafa (openSUSE-SU-2022:10025-1)
2022-06-24 00:00:00