CVE-2025-31344

A library and utilities for processing GIFs

Brought to you by: abadger1999, esr

#187 CVE-2025-31344

Milestone: v1.0_(example)

Status: closed

Owner: nobody

Labels: None

Priority: 1

Updated: 2026-02-18

Created: 2025-04-29

Creator: Luke Griffioen

Private: No

https://www.cve.org/CVERecord?id=CVE-2025-31344

In the function DumpScreen2RGB of the giflib software, an attempt is made to access the color map through
ColorMapEntry. The size of ColorMap is 6 bytes (from 0x602000000030 to 0x602000000036). However, when accessing
ColorMap->Colors[GifRow[j]], the value of GifRow[j] exceeds the actual number of colors stored. The address pointed to
by ColorMapEntry, 0x602000000039, goes beyond the allocated memory range for color data. As a result, accessing
ColorMapEntry->Red leads to out-of-bounds access, causing a heap-buffer-overflow.

Discussion

Eric S. Raymond - 2026-02-18

Fix pushed.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Eric S. Raymond - 2026-02-18

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2025-31344

A library and utilities for processing GIFs

Group

Searches

Help

#187 CVE-2025-31344

Discussion