Vulnerability Name:

CVE-2005-3350 (CCN-22980)

Assigned:2005-11-03
Published:2005-11-03
Updated:2018-10-19
Summary:libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: MISC
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=109997

Source: MITRE
Type: CNA
CVE-2005-3350

Source: CCN
Type: RHSA-2005-828
libungif security update

Source: CCN
Type: RHSA-2009-0444
Important: giflib security update

Source: CCN
Type: Chris Evans Security Advisory - CESA-2005-007 - rev 1
libungif / libgif GIF decompression vulnerabilities

Source: MISC
Type: UNKNOWN
http://scary.beasts.org/security/CESA-2005-007.txt

Source: CCN
Type: SA17436
libungif GIF File Handling Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17436

Source: SECUNIA
Type: UNKNOWN
17438

Source: SECUNIA
Type: UNKNOWN
17442

Source: CCN
Type: SA17462
giflib GIF File Handling Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17462

Source: SECUNIA
Type: UNKNOWN
17482

Source: SECUNIA
Type: UNKNOWN
17488

Source: SECUNIA
Type: UNKNOWN
17497

Source: SECUNIA
Type: UNKNOWN
17508

Source: SECUNIA
Type: UNKNOWN
17559

Source: SECUNIA
Type: UNKNOWN
34872

Source: SECUNIA
Type: UNKNOWN
35164

Source: CCN
Type: SECTRACK ID: 1015149
libungif NULL Pointer Dereference and Memory Access Error May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015149

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=364493

Source: CCN
Type: SourceForge.net
Project: Libungif - An uncompressed GIF library: Summary

Source: CCN
Type: ASA-2006-026
libungif security update (RHSA-2005-828)

Source: DEBIAN
Type: UNKNOWN
DSA-890

Source: DEBIAN
Type: DSA-890
libungif4 -- several vulnerabilities

Source: CCN
Type: GLSA-200511-03
giflib: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200511-03

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:207

Source: OSVDB
Type: UNKNOWN
20471

Source: CCN
Type: OSVDB ID: 20471
libungif/giflib Crafted .gif File Arbitrary Code Execution

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:828

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0444

Source: FEDORA
Type: UNKNOWN
FLSA:174479

Source: FEDORA
Type: UNKNOWN
FLSA-2006:174479

Source: BID
Type: UNKNOWN
15299

Source: CCN
Type: BID-15299
Libungif Colormap Handling Memory Corruption Vulnerability

Source: CCN
Type: USN-214-1
libungif vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-214-1

Source: VUPEN
Type: UNKNOWN
ADV-2005-2295

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413

Source: XF
Type: UNKNOWN
libungif-gif-execute-code(22980)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9314

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5118

Source: SUSE
Type: SUSE-SR:2005:025
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:026
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libungif:libungif:*:*:*:*:*:*:*:* (Version <= 4.1)
  • OR cpe:/a:libungif:libungif:4.1.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libungif:libungif:4.1.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20053350
    V
    		CVE-2005-3350
    2015-11-16
    oval:org.mitre.oval:def:29286
    P
    		RHSA-2009:0444 -- giflib security update (Important)
    2015-08-17
    oval:org.mitre.oval:def:21867
    P
    		ELSA-2009:0444: giflib security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:9314
    V
    		libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
    2013-04-29
    oval:com.redhat.rhsa:def:20090444
    P
    		RHSA-2009:0444: giflib security update (Important)
    2009-04-22
    oval:org.debian:def:890
    V
    		several vulnerabilities
    2005-11-09
    oval:com.redhat.rhsa:def:20050828
    P
    		RHSA-2005:828: libungif security update (Important)
    2005-11-03
    BACK
    libungif libungif *
    libungif libungif 4.1.3
    libungif libungif 4.1.3
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux corporate server 2.1