CVE-2016-3177 — CRITICAL (9.8)

Vulnerability Description

Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Giflib Project	Giflib	5.1.2

Related Weaknesses (CWE)

CWE-416 CWE-415

References

http://www.openwall.com/lists/oss-security/2016/03/16/12Mailing ListThird Party Advisory
https://sourceforge.net/p/giflib/bugs/83/Issue TrackingPatch
http://www.openwall.com/lists/oss-security/2016/03/16/12Mailing ListThird Party Advisory
https://sourceforge.net/p/giflib/bugs/83/Issue TrackingPatch

FAQ

What is CVE-2016-3177?

CVE-2016-3177 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

How severe is CVE-2016-3177?

CVE-2016-3177 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-3177?

Check the references section above for vendor advisories and patch information. Affected products include: Giflib Project Giflib.