Divide By Zero Affecting giflib package, versions <5.1.4-3+deb10u1
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Availability
High
Threat Intelligence
EPSS
0.12% (46th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-GIFLIB-459719
- published 18 Aug 2019
- disclosed 17 Aug 2019
Introduced: 17 Aug 2019
CVE-2019-15133 Open this link in a new tabHow to fix?
Upgrade Debian:10 giflib to version 5.1.4-3+deb10u1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream giflib package and not the giflib package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.