Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0465B2BF7F1FF80960515F1767A235171A2A1BB2BD84EA99AA57AA947DB94901
HistoryJun 18, 2018 - 1:32 a.m.

Security Bulletin: IBM Flex System Manager (FSM) is affected by a giflib vulnerability (CVE-2016-3977)

2018-06-1801:32:58
www.ibm.com
15

EPSS

0.018

Percentile

88.4%

JSON

Summary

A security vulnerability has been discovered in giflib that is embedded in the IBM FSM. This bulletin addresses this vulnerability

Vulnerability Details

CVEID: CVE-2016-3977**
DESCRIPTION:** giflib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by util/gif2rgb.c. By using a specially-crafted .gif file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Product |

VRMF |

APAR |

Remediation
—|—|—|—
Flex System Manager|

1.3.4.x |

IT16217

| Install fsmfix1.3.4.0_IT16216_IT16217_IT16218_IT16219
Flex System Manager|

1.3.3.x |

IT16217

| Install fsmfix1.3.3.0_IT16216_IT16217_IT16218_IT16219
Flex System Manager|

1.3.2.x |

IT16217

| Install fsmfix1.3.2.0_IT16216_IT16217_IT16218_IT16219

For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.

Workarounds and Mitigations

None

Related

mageia 1
openvas 11
nessus 18
debiancve 1
prion 1
cvelist 1
ubuntucve 2
nvd 1
alpinelinux 1
cve 1
ubuntu 1
suse 1
ibm 1
mageia
mageia
Updated giflib packages fix security vulnerability
2016-11-26 13:41:56
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1140-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1139-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2016-0399)
2022-01-28 00:00:00
nessus
nessus
RHEL 5 : giflib (Unpatched Vulnerability)
2024-05-11 00:00:00
SUSE SLED12 / SLES12 Security Update : giflib (SUSE-SU-2016:1140-1)
2016-04-27 00:00:00
openSUSE Security Update : giflib (openSUSE-2016-497)
2016-04-21 00:00:00
debiancve
debiancve
CVE-2016-3977
2016-04-21 14:59:02
prion
prion
Heap overflow
2016-04-21 14:59:00
cvelist
cvelist
CVE-2016-3977
2016-04-21 14:00:00
ubuntucve
ubuntucve
CVE-2016-3977
2016-04-21 00:00:00
CVE-2020-23922
2021-04-21 00:00:00
nvd
nvd
CVE-2016-3977
2016-04-21 14:59:02
alpinelinux
alpinelinux
CVE-2016-3977
2016-04-21 14:59:02
cve
cve
CVE-2016-3977
2016-04-21 14:59:02
ubuntu
ubuntu
GIFLIB vulnerabilities
2019-08-20 00:00:00
suse
suse
Security update for giflib (moderate)
2022-05-06 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM)
2023-04-14 14:32:25

EPSS

0.018

Percentile

88.4%

JSON
Related for 0465B2BF7F1FF80960515F1767A235171A2A1BB2BD84EA99AA57AA947DB94901
mageia1openvas11nessus18debiancve1prion1cvelist1ubuntucve2nvd1alpinelinux1cve1ubuntu1suse1ibm1